@pensar/apex 2.1.2-canary.b00d36c6 → 2.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. package/build/{agent-nfshsy6s.js → agent-737mxp3v.js} +7 -7
  2. package/build/agent-8w9h3tnw.js +19 -0
  3. package/build/{agent-3n3mpmyd.js → agent-vdrtakz4.js} +9 -9
  4. package/build/{apps-4wfaw0jf.js → apps-j0bwey0w.js} +15 -15
  5. package/build/{auth-8rhy8fv5.js → auth-5stxpmga.js} +15 -15
  6. package/build/authentication-qswvctj4.js +19 -0
  7. package/build/blackboxAgent-vwm9t3h4.js +19 -0
  8. package/build/{blackboxPentest-mep90kjs.js → blackboxPentest-2edr9rj3.js} +13 -13
  9. package/build/{cli-j0pkr8fx.js → cli-0gk2x2sc.js} +3 -3
  10. package/build/{cli-jrgg8mm7.js → cli-35czfv00.js} +408 -454
  11. package/build/{cli-4wevw3pw.js → cli-6vs0mtsb.js} +2 -2
  12. package/build/{cli-p1607qpm.js → cli-6wwpk9d9.js} +1 -1
  13. package/build/{cli-73dd5xbw.js → cli-9vzc18m5.js} +7 -7
  14. package/build/{cli-h9ckbgyv.js → cli-9z6vwf30.js} +1 -1
  15. package/build/{cli-7hhh581w.js → cli-dqkdnd3c.js} +4 -4
  16. package/build/{cli-cv6ksx11.js → cli-gbkj2has.js} +2 -2
  17. package/build/{cli-2tg2kjh8.js → cli-hj3t87r2.js} +1 -1
  18. package/build/{cli-61k5qfet.js → cli-jd0c0b91.js} +1 -1
  19. package/build/{cli-mfrgq3wf.js → cli-ks60cc3h.js} +1 -1
  20. package/build/{cli-1wvq8fmx.js → cli-tw3fe8bj.js} +1 -1
  21. package/build/{cli-f11c6hrv.js → cli-v1aqbv58.js} +4 -4
  22. package/build/{cli-v695pmmv.js → cli-whtdyc0e.js} +3 -3
  23. package/build/{cli-wb9e1cm9.js → cli-xnnkeg5p.js} +1 -1
  24. package/build/{cli-jk8q7k35.js → cli-yjbkaqvy.js} +7 -17
  25. package/build/cli.js +33 -33
  26. package/build/{config-da16q9zt.js → config-s5ryv5ez.js} +3 -3
  27. package/build/{doctor-5qk6rmjv.js → doctor-f08gegwc.js} +6 -6
  28. package/build/{fixes-p4xaphrv.js → fixes-qf4s92z2.js} +15 -15
  29. package/build/{index-xf9cpaaf.js → index-5h1hjhzw.js} +9 -9
  30. package/build/{index-sazk2djd.js → index-c6qz0gve.js} +6 -6
  31. package/build/{index-73zr7jyp.js → index-exvkbve0.js} +4 -4
  32. package/build/{index-r9844238.js → index-gakk2t5q.js} +17 -17
  33. package/build/{index-n0ej2712.js → index-s8gw83d6.js} +8 -8
  34. package/build/{index-bm9e2zg1.js → index-sqjve2bm.js} +2 -2
  35. package/build/{index-c7x5j9c6.js → index-x4xefngs.js} +3 -3
  36. package/build/{issues-btekj8p2.js → issues-5anqrh2j.js} +15 -15
  37. package/build/{logs-q7zna00s.js → logs-q6ankt6m.js} +15 -15
  38. package/build/{offesecAgent-ys3zdgqw.js → offesecAgent-hsej0pfc.js} +8 -8
  39. package/build/pentest-1e30q7rs.js +28 -0
  40. package/build/{pentests-rs82gahj.js → pentests-hyx3c3qa.js} +15 -15
  41. package/build/{targetedPentest-an4qdy5q.js → targetedPentest-ws0a7frk.js} +9 -9
  42. package/build/{targets-w9c68qqt.js → targets-9cqrshet.js} +15 -15
  43. package/build/threatModel-z9b213x8.js +26 -0
  44. package/build/{uninstall-ww1w0cy3.js → uninstall-1j469qj7.js} +1 -1
  45. package/build/{upload-z6xb3eda.js → upload-ymvhkyq5.js} +6 -6
  46. package/build/{utils-9cvvh20b.js → utils-d1ed6jzf.js} +5 -5
  47. package/package.json +1 -1
  48. package/build/agent-s4vkqxtr.js +0 -19
  49. package/build/authentication-69dgp6ec.js +0 -19
  50. package/build/blackboxAgent-458t65hq.js +0 -19
  51. package/build/pentest-pc1098c0.js +0 -28
  52. package/build/threatModel-0ns4663v.js +0 -26
@@ -1,6 +1,6 @@
1
1
  import {
2
2
  detectOSAndEnhancePrompt
3
- } from "./cli-p1607qpm.js";
3
+ } from "./cli-6wwpk9d9.js";
4
4
  import {
5
5
  parseTargetUrl
6
6
  } from "./cli-c8131c4q.js";
@@ -26,14 +26,14 @@ import {
26
26
  scopedLogger,
27
27
  streamResponse,
28
28
  write
29
- } from "./cli-f11c6hrv.js";
29
+ } from "./cli-v1aqbv58.js";
30
30
  import {
31
31
  ensureValidToken,
32
32
  getPensarApiUrl,
33
33
  init_auth,
34
34
  init_constants,
35
35
  signGatewayRequest
36
- } from "./cli-2tg2kjh8.js";
36
+ } from "./cli-hj3t87r2.js";
37
37
  import {
38
38
  exports_external,
39
39
  init_zod,
@@ -43,7 +43,7 @@ import {
43
43
  import {
44
44
  config,
45
45
  init_config
46
- } from "./cli-h9ckbgyv.js";
46
+ } from "./cli-9z6vwf30.js";
47
47
  import {
48
48
  __commonJS,
49
49
  __export,
@@ -42466,8 +42466,8 @@ var require_core3 = __commonJS((exports) => {
42466
42466
  function many1(p) {
42467
42467
  return ab(p, many(p), (head, tail) => [head, ...tail]);
42468
42468
  }
42469
- function ab(pa, pb, join15) {
42470
- return (data, i) => mapOuter(pa(data, i), (ma) => mapInner(pb(data, ma.position), (vb, j) => join15(ma.value, vb, data, i, j)));
42469
+ function ab(pa, pb, join14) {
42470
+ return (data, i) => mapOuter(pa(data, i), (ma) => mapInner(pb(data, ma.position), (vb, j) => join14(ma.value, vb, data, i, j)));
42471
42471
  }
42472
42472
  function left(pa, pb) {
42473
42473
  return ab(pa, pb, (va) => va);
@@ -42475,8 +42475,8 @@ var require_core3 = __commonJS((exports) => {
42475
42475
  function right(pa, pb) {
42476
42476
  return ab(pa, pb, (va, vb) => vb);
42477
42477
  }
42478
- function abc(pa, pb, pc, join15) {
42479
- return (data, i) => mapOuter(pa(data, i), (ma) => mapOuter(pb(data, ma.position), (mb) => mapInner(pc(data, mb.position), (vc, j) => join15(ma.value, mb.value, vc, data, i, j))));
42478
+ function abc(pa, pb, pc, join14) {
42479
+ return (data, i) => mapOuter(pa(data, i), (ma) => mapOuter(pb(data, ma.position), (mb) => mapInner(pc(data, mb.position), (vc, j) => join14(ma.value, mb.value, vc, data, i, j))));
42480
42480
  }
42481
42481
  function middle(pa, pb, pc) {
42482
42482
  return abc(pa, pb, pc, (ra, rb) => rb);
@@ -46221,10 +46221,10 @@ var require_helpers = __commonJS((exports) => {
46221
46221
  return !arr.includes(node, i + 1);
46222
46222
  });
46223
46223
  nodes.sort(function(a, b) {
46224
- var relative2 = compareDocumentPosition(a, b);
46225
- if (relative2 & DocumentPosition.PRECEDING) {
46224
+ var relative = compareDocumentPosition(a, b);
46225
+ if (relative & DocumentPosition.PRECEDING) {
46226
46226
  return -1;
46227
- } else if (relative2 & DocumentPosition.FOLLOWING) {
46227
+ } else if (relative & DocumentPosition.FOLLOWING) {
46228
46228
  return 1;
46229
46229
  }
46230
46230
  return 0;
@@ -50952,8 +50952,8 @@ var require_simple_parser = __commonJS((exports, module) => {
50952
50952
  }
50953
50953
  let promise2;
50954
50954
  if (!callback) {
50955
- promise2 = new Promise((resolve3, reject) => {
50956
- callback = callbackPromise(resolve3, reject);
50955
+ promise2 = new Promise((resolve2, reject) => {
50956
+ callback = callbackPromise(resolve2, reject);
50957
50957
  });
50958
50958
  }
50959
50959
  options = options || {};
@@ -51039,13 +51039,13 @@ var require_simple_parser = __commonJS((exports, module) => {
51039
51039
  }
51040
51040
  return promise2;
51041
51041
  };
51042
- function callbackPromise(resolve3, reject) {
51042
+ function callbackPromise(resolve2, reject) {
51043
51043
  return function(...args) {
51044
51044
  let err = args.shift();
51045
51045
  if (err) {
51046
51046
  reject(err);
51047
51047
  } else {
51048
- resolve3(...args);
51048
+ resolve2(...args);
51049
51049
  }
51050
51050
  };
51051
51051
  }
@@ -51474,8 +51474,8 @@ var require_retry = __commonJS((exports) => {
51474
51474
  }
51475
51475
  const delay = getNextRetryDelay(config3);
51476
51476
  err.config.retryConfig.currentRetryAttempt += 1;
51477
- const backoff = config3.retryBackoff ? config3.retryBackoff(err, delay) : new Promise((resolve3) => {
51478
- setTimeout(resolve3, delay);
51477
+ const backoff = config3.retryBackoff ? config3.retryBackoff(err, delay) : new Promise((resolve2) => {
51478
+ setTimeout(resolve2, delay);
51479
51479
  });
51480
51480
  if (config3.onRetryAttempt) {
51481
51481
  await config3.onRetryAttempt(err);
@@ -57091,7 +57091,7 @@ var require_jwtaccess = __commonJS((exports) => {
57091
57091
  }
57092
57092
  }
57093
57093
  fromStreamAsync(inputStream) {
57094
- return new Promise((resolve3, reject) => {
57094
+ return new Promise((resolve2, reject) => {
57095
57095
  if (!inputStream) {
57096
57096
  reject(new Error("Must pass in a stream containing the service account auth settings."));
57097
57097
  }
@@ -57100,7 +57100,7 @@ var require_jwtaccess = __commonJS((exports) => {
57100
57100
  try {
57101
57101
  const data = JSON.parse(s);
57102
57102
  this.fromJSON(data);
57103
- resolve3();
57103
+ resolve2();
57104
57104
  } catch (err) {
57105
57105
  reject(err);
57106
57106
  }
@@ -57287,7 +57287,7 @@ var require_jwtclient = __commonJS((exports) => {
57287
57287
  }
57288
57288
  }
57289
57289
  fromStreamAsync(inputStream) {
57290
- return new Promise((resolve3, reject) => {
57290
+ return new Promise((resolve2, reject) => {
57291
57291
  if (!inputStream) {
57292
57292
  throw new Error("Must pass in a stream containing the service account auth settings.");
57293
57293
  }
@@ -57296,7 +57296,7 @@ var require_jwtclient = __commonJS((exports) => {
57296
57296
  try {
57297
57297
  const data = JSON.parse(s);
57298
57298
  this.fromJSON(data);
57299
- resolve3();
57299
+ resolve2();
57300
57300
  } catch (e) {
57301
57301
  reject(e);
57302
57302
  }
@@ -57397,7 +57397,7 @@ var require_refreshclient = __commonJS((exports) => {
57397
57397
  }
57398
57398
  }
57399
57399
  async fromStreamAsync(inputStream) {
57400
- return new Promise((resolve3, reject) => {
57400
+ return new Promise((resolve2, reject) => {
57401
57401
  if (!inputStream) {
57402
57402
  return reject(new Error("Must pass in a stream containing the user refresh token."));
57403
57403
  }
@@ -57406,7 +57406,7 @@ var require_refreshclient = __commonJS((exports) => {
57406
57406
  try {
57407
57407
  const data = JSON.parse(s);
57408
57408
  this.fromJSON(data);
57409
- return resolve3();
57409
+ return resolve2();
57410
57410
  } catch (err) {
57411
57411
  return reject(err);
57412
57412
  }
@@ -58770,7 +58770,7 @@ var require_pluggable_auth_handler = __commonJS((exports) => {
58770
58770
  this.outputFile = options.outputFile;
58771
58771
  }
58772
58772
  retrieveResponseFromExecutable(envMap) {
58773
- return new Promise((resolve3, reject) => {
58773
+ return new Promise((resolve2, reject) => {
58774
58774
  const child = childProcess.spawn(this.commandComponents[0], this.commandComponents.slice(1), {
58775
58775
  env: { ...process.env, ...Object.fromEntries(envMap) }
58776
58776
  });
@@ -58792,7 +58792,7 @@ var require_pluggable_auth_handler = __commonJS((exports) => {
58792
58792
  try {
58793
58793
  const responseJson = JSON.parse(output);
58794
58794
  const response = new executable_response_1.ExecutableResponse(responseJson);
58795
- return resolve3(response);
58795
+ return resolve2(response);
58796
58796
  } catch (error2) {
58797
58797
  if (error2 instanceof executable_response_1.ExecutableResponseError) {
58798
58798
  return reject(error2);
@@ -59444,7 +59444,7 @@ var require_googleauth = __commonJS((exports) => {
59444
59444
  }
59445
59445
  }
59446
59446
  fromStreamAsync(inputStream, options) {
59447
- return new Promise((resolve3, reject) => {
59447
+ return new Promise((resolve2, reject) => {
59448
59448
  if (!inputStream) {
59449
59449
  throw new Error("Must pass in a stream containing the Google auth settings.");
59450
59450
  }
@@ -59454,7 +59454,7 @@ var require_googleauth = __commonJS((exports) => {
59454
59454
  try {
59455
59455
  const data = JSON.parse(chunks.join(""));
59456
59456
  const r = this._cacheClientFromJSON(data, options);
59457
- return resolve3(r);
59457
+ return resolve2(r);
59458
59458
  } catch (err) {
59459
59459
  if (!this.keyFilename)
59460
59460
  throw err;
@@ -59464,7 +59464,7 @@ var require_googleauth = __commonJS((exports) => {
59464
59464
  });
59465
59465
  this.cachedCredential = client;
59466
59466
  this.setGapicJWTValues(client);
59467
- return resolve3(client);
59467
+ return resolve2(client);
59468
59468
  }
59469
59469
  } catch (err) {
59470
59470
  return reject(err);
@@ -59485,16 +59485,16 @@ var require_googleauth = __commonJS((exports) => {
59485
59485
  return false;
59486
59486
  }
59487
59487
  async getDefaultServiceProjectId() {
59488
- return new Promise((resolve3) => {
59488
+ return new Promise((resolve2) => {
59489
59489
  (0, child_process_1.exec)("gcloud config config-helper --format json", (err, stdout) => {
59490
59490
  if (!err && stdout) {
59491
59491
  try {
59492
59492
  const projectId = JSON.parse(stdout).configuration.properties.core.project;
59493
- resolve3(projectId);
59493
+ resolve2(projectId);
59494
59494
  return;
59495
59495
  } catch (e) {}
59496
59496
  }
59497
- resolve3(null);
59497
+ resolve2(null);
59498
59498
  });
59499
59499
  });
59500
59500
  }
@@ -62473,7 +62473,7 @@ var require_http2 = __commonJS((exports) => {
62473
62473
  const chunks = [];
62474
62474
  const session = sessionData.session;
62475
62475
  let req;
62476
- return new Promise((resolve3, reject) => {
62476
+ return new Promise((resolve2, reject) => {
62477
62477
  try {
62478
62478
  req = session.request(headers).on("response", (responseHeaders) => {
62479
62479
  Object.assign(res, {
@@ -62486,7 +62486,7 @@ var require_http2 = __commonJS((exports) => {
62486
62486
  }
62487
62487
  if (opts.responseType === "stream") {
62488
62488
  res.data = stream;
62489
- resolve3(res);
62489
+ resolve2(res);
62490
62490
  return;
62491
62491
  }
62492
62492
  stream.on("data", (d) => {
@@ -62520,7 +62520,7 @@ var require_http2 = __commonJS((exports) => {
62520
62520
  }
62521
62521
  reject(new Error(message, { cause: res }));
62522
62522
  }
62523
- resolve3(res);
62523
+ resolve2(res);
62524
62524
  return;
62525
62525
  });
62526
62526
  }).on("error", (e) => {
@@ -63062,7 +63062,7 @@ var require_discovery = __commonJS((exports) => {
63062
63062
  exports.Discovery = undefined;
63063
63063
  var fs = __require("fs");
63064
63064
  var gaxios_1 = require_src3();
63065
- var resolve3 = __require("url");
63065
+ var resolve2 = __require("url");
63066
63066
  var util = __require("util");
63067
63067
  var apirequest_1 = require_apirequest();
63068
63068
  var endpoint_1 = require_endpoint();
@@ -63128,7 +63128,7 @@ var require_discovery = __commonJS((exports) => {
63128
63128
  }
63129
63129
  async discoverAPI(apiDiscoveryUrl) {
63130
63130
  if (typeof apiDiscoveryUrl === "string") {
63131
- const parts = resolve3.parse(apiDiscoveryUrl);
63131
+ const parts = resolve2.parse(apiDiscoveryUrl);
63132
63132
  if (apiDiscoveryUrl && !parts.protocol) {
63133
63133
  this.log("Reading from file " + apiDiscoveryUrl);
63134
63134
  const file = await readFile(apiDiscoveryUrl, { encoding: "utf8" });
@@ -66001,12 +66001,12 @@ var require_BatchRequestContent = __commonJS((exports) => {
66001
66001
  case 6:
66002
66002
  blob_1 = _a.sent();
66003
66003
  reader_1 = new FileReader;
66004
- return [4, new Promise(function(resolve3) {
66004
+ return [4, new Promise(function(resolve2) {
66005
66005
  reader_1.addEventListener("load", function() {
66006
66006
  var dataURL = reader_1.result;
66007
66007
  var regex = new RegExp("^s*data:(.+?/.+?(;.+?=.+?)*)?(;base64)?,(.*)s*$");
66008
66008
  var segments = regex.exec(dataURL);
66009
- resolve3(segments[4]);
66009
+ resolve2(segments[4]);
66010
66010
  }, false);
66011
66011
  reader_1.readAsDataURL(blob_1);
66012
66012
  })];
@@ -66782,8 +66782,8 @@ var require_RetryHandler = __commonJS((exports) => {
66782
66782
  var delayMilliseconds;
66783
66783
  return tslib_1.__generator(this, function(_a) {
66784
66784
  delayMilliseconds = delaySeconds * 1000;
66785
- return [2, new Promise(function(resolve3) {
66786
- return setTimeout(resolve3, delayMilliseconds);
66785
+ return [2, new Promise(function(resolve2) {
66786
+ return setTimeout(resolve2, delayMilliseconds);
66787
66787
  })];
66788
66788
  });
66789
66789
  });
@@ -67456,12 +67456,12 @@ var require_GraphResponseHandler = __commonJS((exports) => {
67456
67456
  function GraphResponseHandler2() {}
67457
67457
  GraphResponseHandler2.parseDocumentResponse = function(rawResponse, type) {
67458
67458
  if (typeof DOMParser !== "undefined") {
67459
- return new Promise(function(resolve3, reject) {
67459
+ return new Promise(function(resolve2, reject) {
67460
67460
  rawResponse.text().then(function(xmlString) {
67461
67461
  try {
67462
67462
  var parser = new DOMParser;
67463
67463
  var xmlDoc = parser.parseFromString(xmlString, type);
67464
- resolve3(xmlDoc);
67464
+ resolve2(xmlDoc);
67465
67465
  } catch (error2) {
67466
67466
  reject(error2);
67467
67467
  }
@@ -68135,7 +68135,7 @@ var require_StreamUpload = __commonJS((exports) => {
68135
68135
  };
68136
68136
  StreamUpload2.prototype.readNBytesFromStream = function(size) {
68137
68137
  var _this = this;
68138
- return new Promise(function(resolve3, reject) {
68138
+ return new Promise(function(resolve2, reject) {
68139
68139
  var chunks = [];
68140
68140
  var remainder = size;
68141
68141
  var length = 0;
@@ -68154,7 +68154,7 @@ var require_StreamUpload = __commonJS((exports) => {
68154
68154
  }
68155
68155
  }
68156
68156
  if (length === size) {
68157
- return resolve3(Buffer.concat(chunks));
68157
+ return resolve2(Buffer.concat(chunks));
68158
68158
  }
68159
68159
  if (!_this.content || !_this.content.readable) {
68160
68160
  return reject(new GraphClientError_1.GraphClientError("Error encountered while reading the stream during the upload"));
@@ -68289,7 +68289,7 @@ var require_CustomAuthenticationProvider = __commonJS((exports) => {
68289
68289
  return tslib_1.__awaiter(this, undefined, undefined, function() {
68290
68290
  var _this = this;
68291
68291
  return tslib_1.__generator(this, function(_a) {
68292
- return [2, new Promise(function(resolve3, reject) {
68292
+ return [2, new Promise(function(resolve2, reject) {
68293
68293
  _this.provider(function(error2, accessToken) {
68294
68294
  return tslib_1.__awaiter(_this, undefined, undefined, function() {
68295
68295
  var invalidTokenMessage, err;
@@ -68298,7 +68298,7 @@ var require_CustomAuthenticationProvider = __commonJS((exports) => {
68298
68298
  case 0:
68299
68299
  if (!accessToken)
68300
68300
  return [3, 1];
68301
- resolve3(accessToken);
68301
+ resolve2(accessToken);
68302
68302
  return [3, 3];
68303
68303
  case 1:
68304
68304
  if (!error2) {
@@ -71159,7 +71159,7 @@ var require_thread_stream = __commonJS((exports, module) => {
71159
71159
  var { version: version2 } = require_package5();
71160
71160
  var { EventEmitter: EventEmitter2 } = __require("events");
71161
71161
  var { Worker } = __require("worker_threads");
71162
- var { join: join15 } = __require("path");
71162
+ var { join: join14 } = __require("path");
71163
71163
  var { pathToFileURL } = __require("url");
71164
71164
  var { wait } = require_wait();
71165
71165
  var {
@@ -71195,7 +71195,7 @@ var require_thread_stream = __commonJS((exports, module) => {
71195
71195
  function createWorker(stream, opts) {
71196
71196
  const { filename, workerData } = opts;
71197
71197
  const bundlerOverrides = "__bundlerPathsOverrides" in globalThis ? globalThis.__bundlerPathsOverrides : {};
71198
- const toExecute = bundlerOverrides["thread-stream-worker"] || join15(__dirname, "lib", "worker.js");
71198
+ const toExecute = bundlerOverrides["thread-stream-worker"] || join14(__dirname, "lib", "worker.js");
71199
71199
  const worker = new Worker(toExecute, {
71200
71200
  ...opts.workerOpts,
71201
71201
  trackUnmanagedFds: false,
@@ -71584,7 +71584,7 @@ var require_transport = __commonJS((exports, module) => {
71584
71584
  var { createRequire: createRequire3 } = __require("module");
71585
71585
  var { existsSync: existsSync9 } = __require("node:fs");
71586
71586
  var getCallers = require_caller();
71587
- var { join: join15, isAbsolute: isAbsolute3, sep: sep2 } = __require("node:path");
71587
+ var { join: join14, isAbsolute: isAbsolute2, sep } = __require("node:path");
71588
71588
  var { fileURLToPath } = __require("node:url");
71589
71589
  var sleep = require_atomic_sleep();
71590
71590
  var onExit = require_on_exit_leak_free();
@@ -71656,7 +71656,7 @@ var require_transport = __commonJS((exports, module) => {
71656
71656
  return false;
71657
71657
  }
71658
71658
  }
71659
- return isAbsolute3(path) && !existsSync9(path);
71659
+ return isAbsolute2(path) && !existsSync9(path);
71660
71660
  }
71661
71661
  function stripQuotes(value) {
71662
71662
  const first = value[0];
@@ -71737,7 +71737,7 @@ var require_transport = __commonJS((exports, module) => {
71737
71737
  throw new Error("only one of target or targets can be specified");
71738
71738
  }
71739
71739
  if (targets) {
71740
- target = bundlerOverrides["pino-worker"] || join15(__dirname, "worker.js");
71740
+ target = bundlerOverrides["pino-worker"] || join14(__dirname, "worker.js");
71741
71741
  options.targets = targets.filter((dest) => dest.target).map((dest) => {
71742
71742
  return {
71743
71743
  ...dest,
@@ -71754,7 +71754,7 @@ var require_transport = __commonJS((exports, module) => {
71754
71754
  });
71755
71755
  });
71756
71756
  } else if (pipeline2) {
71757
- target = bundlerOverrides["pino-worker"] || join15(__dirname, "worker.js");
71757
+ target = bundlerOverrides["pino-worker"] || join14(__dirname, "worker.js");
71758
71758
  options.pipelines = [pipeline2.map((dest) => {
71759
71759
  return {
71760
71760
  ...dest,
@@ -71773,16 +71773,16 @@ var require_transport = __commonJS((exports, module) => {
71773
71773
  return buildStream(fixTarget(target), options, worker, sync, name);
71774
71774
  function fixTarget(origin) {
71775
71775
  origin = bundlerOverrides[origin] || origin;
71776
- if (isAbsolute3(origin) || origin.indexOf("file://") === 0) {
71776
+ if (isAbsolute2(origin) || origin.indexOf("file://") === 0) {
71777
71777
  return origin;
71778
71778
  }
71779
71779
  if (origin === "pino/file") {
71780
- return join15(__dirname, "..", "file.js");
71780
+ return join14(__dirname, "..", "file.js");
71781
71781
  }
71782
71782
  let fixTarget2;
71783
71783
  for (const filePath of callers) {
71784
71784
  try {
71785
- const context = filePath === "node:repl" ? process.cwd() + sep2 : filePath;
71785
+ const context = filePath === "node:repl" ? process.cwd() + sep : filePath;
71786
71786
  fixTarget2 = createRequire3(context).resolve(origin);
71787
71787
  break;
71788
71788
  } catch (err) {
@@ -72706,7 +72706,7 @@ var require_safe_stable_stringify = __commonJS((exports, module) => {
72706
72706
  return circularValue;
72707
72707
  }
72708
72708
  let res = "";
72709
- let join15 = ",";
72709
+ let join14 = ",";
72710
72710
  const originalIndentation = indentation;
72711
72711
  if (Array.isArray(value)) {
72712
72712
  if (value.length === 0) {
@@ -72720,7 +72720,7 @@ var require_safe_stable_stringify = __commonJS((exports, module) => {
72720
72720
  indentation += spacer;
72721
72721
  res += `
72722
72722
  ${indentation}`;
72723
- join15 = `,
72723
+ join14 = `,
72724
72724
  ${indentation}`;
72725
72725
  }
72726
72726
  const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
@@ -72728,13 +72728,13 @@ ${indentation}`;
72728
72728
  for (;i < maximumValuesToStringify - 1; i++) {
72729
72729
  const tmp2 = stringifyFnReplacer(String(i), value, stack, replacer, spacer, indentation);
72730
72730
  res += tmp2 !== undefined ? tmp2 : "null";
72731
- res += join15;
72731
+ res += join14;
72732
72732
  }
72733
72733
  const tmp = stringifyFnReplacer(String(i), value, stack, replacer, spacer, indentation);
72734
72734
  res += tmp !== undefined ? tmp : "null";
72735
72735
  if (value.length - 1 > maximumBreadth) {
72736
72736
  const removedKeys = value.length - maximumBreadth - 1;
72737
- res += `${join15}"... ${getItemCount(removedKeys)} not stringified"`;
72737
+ res += `${join14}"... ${getItemCount(removedKeys)} not stringified"`;
72738
72738
  }
72739
72739
  if (spacer !== "") {
72740
72740
  res += `
@@ -72755,7 +72755,7 @@ ${originalIndentation}`;
72755
72755
  let separator = "";
72756
72756
  if (spacer !== "") {
72757
72757
  indentation += spacer;
72758
- join15 = `,
72758
+ join14 = `,
72759
72759
  ${indentation}`;
72760
72760
  whitespace = " ";
72761
72761
  }
@@ -72769,13 +72769,13 @@ ${indentation}`;
72769
72769
  const tmp = stringifyFnReplacer(key2, value, stack, replacer, spacer, indentation);
72770
72770
  if (tmp !== undefined) {
72771
72771
  res += `${separator}${strEscape(key2)}:${whitespace}${tmp}`;
72772
- separator = join15;
72772
+ separator = join14;
72773
72773
  }
72774
72774
  }
72775
72775
  if (keyLength > maximumBreadth) {
72776
72776
  const removedKeys = keyLength - maximumBreadth;
72777
72777
  res += `${separator}"...":${whitespace}"${getItemCount(removedKeys)} not stringified"`;
72778
- separator = join15;
72778
+ separator = join14;
72779
72779
  }
72780
72780
  if (spacer !== "" && separator.length > 1) {
72781
72781
  res = `
@@ -72815,7 +72815,7 @@ ${originalIndentation}`;
72815
72815
  }
72816
72816
  const originalIndentation = indentation;
72817
72817
  let res = "";
72818
- let join15 = ",";
72818
+ let join14 = ",";
72819
72819
  if (Array.isArray(value)) {
72820
72820
  if (value.length === 0) {
72821
72821
  return "[]";
@@ -72828,7 +72828,7 @@ ${originalIndentation}`;
72828
72828
  indentation += spacer;
72829
72829
  res += `
72830
72830
  ${indentation}`;
72831
- join15 = `,
72831
+ join14 = `,
72832
72832
  ${indentation}`;
72833
72833
  }
72834
72834
  const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
@@ -72836,13 +72836,13 @@ ${indentation}`;
72836
72836
  for (;i < maximumValuesToStringify - 1; i++) {
72837
72837
  const tmp2 = stringifyArrayReplacer(String(i), value[i], stack, replacer, spacer, indentation);
72838
72838
  res += tmp2 !== undefined ? tmp2 : "null";
72839
- res += join15;
72839
+ res += join14;
72840
72840
  }
72841
72841
  const tmp = stringifyArrayReplacer(String(i), value[i], stack, replacer, spacer, indentation);
72842
72842
  res += tmp !== undefined ? tmp : "null";
72843
72843
  if (value.length - 1 > maximumBreadth) {
72844
72844
  const removedKeys = value.length - maximumBreadth - 1;
72845
- res += `${join15}"... ${getItemCount(removedKeys)} not stringified"`;
72845
+ res += `${join14}"... ${getItemCount(removedKeys)} not stringified"`;
72846
72846
  }
72847
72847
  if (spacer !== "") {
72848
72848
  res += `
@@ -72855,7 +72855,7 @@ ${originalIndentation}`;
72855
72855
  let whitespace = "";
72856
72856
  if (spacer !== "") {
72857
72857
  indentation += spacer;
72858
- join15 = `,
72858
+ join14 = `,
72859
72859
  ${indentation}`;
72860
72860
  whitespace = " ";
72861
72861
  }
@@ -72864,7 +72864,7 @@ ${indentation}`;
72864
72864
  const tmp = stringifyArrayReplacer(key2, value[key2], stack, replacer, spacer, indentation);
72865
72865
  if (tmp !== undefined) {
72866
72866
  res += `${separator}${strEscape(key2)}:${whitespace}${tmp}`;
72867
- separator = join15;
72867
+ separator = join14;
72868
72868
  }
72869
72869
  }
72870
72870
  if (spacer !== "" && separator.length > 1) {
@@ -72921,20 +72921,20 @@ ${originalIndentation}`;
72921
72921
  indentation += spacer;
72922
72922
  let res2 = `
72923
72923
  ${indentation}`;
72924
- const join16 = `,
72924
+ const join15 = `,
72925
72925
  ${indentation}`;
72926
72926
  const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
72927
72927
  let i = 0;
72928
72928
  for (;i < maximumValuesToStringify - 1; i++) {
72929
72929
  const tmp2 = stringifyIndent(String(i), value[i], stack, spacer, indentation);
72930
72930
  res2 += tmp2 !== undefined ? tmp2 : "null";
72931
- res2 += join16;
72931
+ res2 += join15;
72932
72932
  }
72933
72933
  const tmp = stringifyIndent(String(i), value[i], stack, spacer, indentation);
72934
72934
  res2 += tmp !== undefined ? tmp : "null";
72935
72935
  if (value.length - 1 > maximumBreadth) {
72936
72936
  const removedKeys = value.length - maximumBreadth - 1;
72937
- res2 += `${join16}"... ${getItemCount(removedKeys)} not stringified"`;
72937
+ res2 += `${join15}"... ${getItemCount(removedKeys)} not stringified"`;
72938
72938
  }
72939
72939
  res2 += `
72940
72940
  ${originalIndentation}`;
@@ -72950,16 +72950,16 @@ ${originalIndentation}`;
72950
72950
  return '"[Object]"';
72951
72951
  }
72952
72952
  indentation += spacer;
72953
- const join15 = `,
72953
+ const join14 = `,
72954
72954
  ${indentation}`;
72955
72955
  let res = "";
72956
72956
  let separator = "";
72957
72957
  let maximumPropertiesToStringify = Math.min(keyLength, maximumBreadth);
72958
72958
  if (isTypedArrayWithEntries(value)) {
72959
- res += stringifyTypedArray(value, join15, maximumBreadth);
72959
+ res += stringifyTypedArray(value, join14, maximumBreadth);
72960
72960
  keys = keys.slice(value.length);
72961
72961
  maximumPropertiesToStringify -= value.length;
72962
- separator = join15;
72962
+ separator = join14;
72963
72963
  }
72964
72964
  if (deterministic) {
72965
72965
  keys = sort(keys, comparator);
@@ -72970,13 +72970,13 @@ ${indentation}`;
72970
72970
  const tmp = stringifyIndent(key2, value[key2], stack, spacer, indentation);
72971
72971
  if (tmp !== undefined) {
72972
72972
  res += `${separator}${strEscape(key2)}: ${tmp}`;
72973
- separator = join15;
72973
+ separator = join14;
72974
72974
  }
72975
72975
  }
72976
72976
  if (keyLength > maximumBreadth) {
72977
72977
  const removedKeys = keyLength - maximumBreadth;
72978
72978
  res += `${separator}"...": "${getItemCount(removedKeys)} not stringified"`;
72979
- separator = join15;
72979
+ separator = join14;
72980
72980
  }
72981
72981
  if (separator !== "") {
72982
72982
  res = `
@@ -74749,8 +74749,8 @@ var require_imap_stream = __commonJS((exports, module) => {
74749
74749
  payload = payload.slice(0, end);
74750
74750
  }
74751
74751
  if (payload.length) {
74752
- await new Promise((resolve3) => {
74753
- this.push({ payload, literals, next: resolve3 });
74752
+ await new Promise((resolve2) => {
74753
+ this.push({ payload, literals, next: resolve2 });
74754
74754
  });
74755
74755
  }
74756
74756
  }
@@ -74787,7 +74787,7 @@ var require_imap_stream = __commonJS((exports, module) => {
74787
74787
  data.next();
74788
74788
  processedCount++;
74789
74789
  if (processedCount % 10 === 0) {
74790
- await new Promise((resolve3) => setImmediate(resolve3));
74790
+ await new Promise((resolve2) => setImmediate(resolve2));
74791
74791
  }
74792
74792
  }
74793
74793
  }
@@ -78181,11 +78181,11 @@ var require_receivebuffer = __commonJS((exports) => {
78181
78181
  var require_socksclient = __commonJS((exports) => {
78182
78182
  var __awaiter = exports && exports.__awaiter || function(thisArg, _arguments, P, generator) {
78183
78183
  function adopt(value) {
78184
- return value instanceof P ? value : new P(function(resolve3) {
78185
- resolve3(value);
78184
+ return value instanceof P ? value : new P(function(resolve2) {
78185
+ resolve2(value);
78186
78186
  });
78187
78187
  }
78188
- return new (P || (P = Promise))(function(resolve3, reject) {
78188
+ return new (P || (P = Promise))(function(resolve2, reject) {
78189
78189
  function fulfilled(value) {
78190
78190
  try {
78191
78191
  step(generator.next(value));
@@ -78201,7 +78201,7 @@ var require_socksclient = __commonJS((exports) => {
78201
78201
  }
78202
78202
  }
78203
78203
  function step(result) {
78204
- result.done ? resolve3(result.value) : adopt(result.value).then(fulfilled, rejected);
78204
+ result.done ? resolve2(result.value) : adopt(result.value).then(fulfilled, rejected);
78205
78205
  }
78206
78206
  step((generator = generator.apply(thisArg, _arguments || [])).next());
78207
78207
  });
@@ -78228,13 +78228,13 @@ var require_socksclient = __commonJS((exports) => {
78228
78228
  this.setState(constants_1.SocksClientState.Created);
78229
78229
  }
78230
78230
  static createConnection(options, callback) {
78231
- return new Promise((resolve3, reject) => {
78231
+ return new Promise((resolve2, reject) => {
78232
78232
  try {
78233
78233
  (0, helpers_1.validateSocksClientOptions)(options, ["connect"]);
78234
78234
  } catch (err) {
78235
78235
  if (typeof callback === "function") {
78236
78236
  callback(err);
78237
- return resolve3(err);
78237
+ return resolve2(err);
78238
78238
  } else {
78239
78239
  return reject(err);
78240
78240
  }
@@ -78245,16 +78245,16 @@ var require_socksclient = __commonJS((exports) => {
78245
78245
  client.removeAllListeners();
78246
78246
  if (typeof callback === "function") {
78247
78247
  callback(null, info);
78248
- resolve3(info);
78248
+ resolve2(info);
78249
78249
  } else {
78250
- resolve3(info);
78250
+ resolve2(info);
78251
78251
  }
78252
78252
  });
78253
78253
  client.once("error", (err) => {
78254
78254
  client.removeAllListeners();
78255
78255
  if (typeof callback === "function") {
78256
78256
  callback(err);
78257
- resolve3(err);
78257
+ resolve2(err);
78258
78258
  } else {
78259
78259
  reject(err);
78260
78260
  }
@@ -78262,13 +78262,13 @@ var require_socksclient = __commonJS((exports) => {
78262
78262
  });
78263
78263
  }
78264
78264
  static createConnectionChain(options, callback) {
78265
- return new Promise((resolve3, reject) => __awaiter(this, undefined, undefined, function* () {
78265
+ return new Promise((resolve2, reject) => __awaiter(this, undefined, undefined, function* () {
78266
78266
  try {
78267
78267
  (0, helpers_1.validateSocksClientChainOptions)(options);
78268
78268
  } catch (err) {
78269
78269
  if (typeof callback === "function") {
78270
78270
  callback(err);
78271
- return resolve3(err);
78271
+ return resolve2(err);
78272
78272
  } else {
78273
78273
  return reject(err);
78274
78274
  }
@@ -78294,14 +78294,14 @@ var require_socksclient = __commonJS((exports) => {
78294
78294
  }
78295
78295
  if (typeof callback === "function") {
78296
78296
  callback(null, { socket: sock });
78297
- resolve3({ socket: sock });
78297
+ resolve2({ socket: sock });
78298
78298
  } else {
78299
- resolve3({ socket: sock });
78299
+ resolve2({ socket: sock });
78300
78300
  }
78301
78301
  } catch (err) {
78302
78302
  if (typeof callback === "function") {
78303
78303
  callback(err);
78304
- resolve3(err);
78304
+ resolve2(err);
78305
78305
  } else {
78306
78306
  reject(err);
78307
78307
  }
@@ -82804,7 +82804,7 @@ var require_tools2 = __commonJS((exports, module) => {
82804
82804
  var libmime = require_libmime2();
82805
82805
  var { resolveCharset } = require_charsets3();
82806
82806
  var { compiler } = require_imap_handler();
82807
- var { createHash: createHash2 } = __require("crypto");
82807
+ var { createHash } = __require("crypto");
82808
82808
  var { JPDecoder } = require_jp_decoder();
82809
82809
  var iconv = require_lib11();
82810
82810
  var FLAG_COLORS = ["red", "orange", "yellow", "green", "blue", "purple", "grey"];
@@ -83105,7 +83105,7 @@ var require_tools2 = __commonJS((exports, module) => {
83105
83105
  path = iconv.encode(path, "utf-7-imap").toString();
83106
83106
  } catch {}
83107
83107
  }
83108
- map2.id = map2.emailId || createHash2("md5").update([path, mailbox.uidValidity?.toString() || "", map2.uid.toString()].join(":")).digest("hex");
83108
+ map2.id = map2.emailId || createHash("md5").update([path, mailbox.uidValidity?.toString() || "", map2.uid.toString()].join(":")).digest("hex");
83109
83109
  }
83110
83110
  if (map2.flags) {
83111
83111
  let flagColor = tools.getFlagColor(map2.flags);
@@ -84559,12 +84559,12 @@ var require_fetch = __commonJS((exports, module) => {
84559
84559
  messages.count++;
84560
84560
  let formatted = await formatMessageResponse(untagged, mailbox);
84561
84561
  if (typeof options.onUntaggedFetch === "function") {
84562
- await new Promise((resolve3, reject) => {
84562
+ await new Promise((resolve2, reject) => {
84563
84563
  options.onUntaggedFetch(formatted, (err) => {
84564
84564
  if (err) {
84565
84565
  reject(err);
84566
84566
  } else {
84567
- resolve3();
84567
+ resolve2();
84568
84568
  }
84569
84569
  });
84570
84570
  });
@@ -84589,7 +84589,7 @@ var require_fetch = __commonJS((exports, module) => {
84589
84589
  retryCount,
84590
84590
  delayMs: delay
84591
84591
  });
84592
- await new Promise((resolve3) => setTimeout(resolve3, delay));
84592
+ await new Promise((resolve2) => setTimeout(resolve2, delay));
84593
84593
  retryCount++;
84594
84594
  continue;
84595
84595
  }
@@ -85727,14 +85727,14 @@ var require_idle = __commonJS((exports, module) => {
85727
85727
  connection.idling = false;
85728
85728
  connection.preCheck = false;
85729
85729
  while (preCheckWaitQueue.length) {
85730
- let { resolve: resolve3 } = preCheckWaitQueue.shift();
85731
- resolve3();
85730
+ let { resolve: resolve2 } = preCheckWaitQueue.shift();
85731
+ resolve2();
85732
85732
  }
85733
85733
  }
85734
85734
  };
85735
85735
  let connectionPreCheck = () => {
85736
- let handler = new Promise((resolve3, reject) => {
85737
- preCheckWaitQueue.push({ resolve: resolve3, reject });
85736
+ let handler = new Promise((resolve2, reject) => {
85737
+ preCheckWaitQueue.push({ resolve: resolve2, reject });
85738
85738
  });
85739
85739
  connection.log.trace({
85740
85740
  msg: "Requesting IDLE break",
@@ -85775,8 +85775,8 @@ var require_idle = __commonJS((exports, module) => {
85775
85775
  });
85776
85776
  connection.preCheck = false;
85777
85777
  while (preCheckWaitQueue.length) {
85778
- let { resolve: resolve3 } = preCheckWaitQueue.shift();
85779
- resolve3();
85778
+ let { resolve: resolve2 } = preCheckWaitQueue.shift();
85779
+ resolve2();
85780
85780
  }
85781
85781
  }
85782
85782
  response.next();
@@ -85822,16 +85822,16 @@ var require_idle = __commonJS((exports, module) => {
85822
85822
  return runIdleLoop();
85823
85823
  }
85824
85824
  let idleTimer;
85825
- return new Promise((resolve3) => {
85825
+ return new Promise((resolve2) => {
85826
85826
  if (!connection.currentSelectCommand) {
85827
- return resolve3();
85827
+ return resolve2();
85828
85828
  }
85829
85829
  connection.preCheck = async () => {
85830
85830
  connection.preCheck = false;
85831
85831
  clearTimeout(idleTimer);
85832
85832
  connection.log.debug({ src: "c", msg: `breaking NOOP loop` });
85833
85833
  connection.idling = false;
85834
- resolve3();
85834
+ resolve2();
85835
85835
  };
85836
85836
  let selectCommand = connection.currentSelectCommand;
85837
85837
  let idleCheck = async () => {
@@ -85867,7 +85867,7 @@ var require_idle = __commonJS((exports, module) => {
85867
85867
  clearTimeout(idleTimer);
85868
85868
  connection.preCheck = false;
85869
85869
  connection.log.warn({ err, cid: connection.id });
85870
- resolve3();
85870
+ resolve2();
85871
85871
  });
85872
85872
  };
85873
85873
  connection.log.debug({ src: "c", msg: `initiated NOOP loop` });
@@ -95872,7 +95872,7 @@ var require_shared3 = __commonJS((exports, module) => {
95872
95872
  }
95873
95873
  return Object.keys(ifaces).map((key) => ifaces[key]).reduce((acc, val) => acc.concat(val), []).filter((i) => !i.internal || allowInternal).some((i) => i.family === "IPv" + family || i.family === family);
95874
95874
  };
95875
- var resolve3 = (family, hostname2, options, callback) => {
95875
+ var resolve2 = (family, hostname2, options, callback) => {
95876
95876
  options = options || {};
95877
95877
  if (!isFamilySupported(family, options.allowInternalNetworkInterfaces)) {
95878
95878
  return callback(null, []);
@@ -95949,13 +95949,13 @@ var require_shared3 = __commonJS((exports, module) => {
95949
95949
  let ipv6Addresses = [];
95950
95950
  let ipv4Error = null;
95951
95951
  let ipv6Error = null;
95952
- resolve3(4, options.host, options, (err, addresses) => {
95952
+ resolve2(4, options.host, options, (err, addresses) => {
95953
95953
  if (err) {
95954
95954
  ipv4Error = err;
95955
95955
  } else {
95956
95956
  ipv4Addresses = addresses || [];
95957
95957
  }
95958
- resolve3(6, options.host, options, (err2, addresses2) => {
95958
+ resolve2(6, options.host, options, (err2, addresses2) => {
95959
95959
  if (err2) {
95960
95960
  ipv6Error = err2;
95961
95961
  } else {
@@ -96120,13 +96120,13 @@ var require_shared3 = __commonJS((exports, module) => {
96120
96120
  });
96121
96121
  return response;
96122
96122
  };
96123
- exports.callbackPromise = (resolve4, reject) => function() {
96123
+ exports.callbackPromise = (resolve3, reject) => function() {
96124
96124
  const args = Array.from(arguments);
96125
96125
  const err = args.shift();
96126
96126
  if (err) {
96127
96127
  reject(err);
96128
96128
  } else {
96129
- resolve4(...args);
96129
+ resolve3(...args);
96130
96130
  }
96131
96131
  };
96132
96132
  exports.parseDataURI = (uri) => {
@@ -96188,8 +96188,8 @@ var require_shared3 = __commonJS((exports, module) => {
96188
96188
  exports.resolveContent = (data, key, callback) => {
96189
96189
  let promise2;
96190
96190
  if (!callback) {
96191
- promise2 = new Promise((resolve4, reject) => {
96192
- callback = exports.callbackPromise(resolve4, reject);
96191
+ promise2 = new Promise((resolve3, reject) => {
96192
+ callback = exports.callbackPromise(resolve3, reject);
96193
96193
  });
96194
96194
  }
96195
96195
  let content = data && data[key] && data[key].content || data[key];
@@ -99855,8 +99855,8 @@ var require_mime_node3 = __commonJS((exports, module) => {
99855
99855
  build(callback) {
99856
99856
  let promise2;
99857
99857
  if (!callback) {
99858
- promise2 = new Promise((resolve3, reject) => {
99859
- callback = shared.callbackPromise(resolve3, reject);
99858
+ promise2 = new Promise((resolve2, reject) => {
99859
+ callback = shared.callbackPromise(resolve2, reject);
99860
99860
  });
99861
99861
  }
99862
99862
  const stream = this.createReadStream();
@@ -101703,8 +101703,8 @@ var require_mailer = __commonJS((exports, module) => {
101703
101703
  sendMail(data, callback = null) {
101704
101704
  let promise2;
101705
101705
  if (!callback) {
101706
- promise2 = new Promise((resolve3, reject) => {
101707
- callback = shared.callbackPromise(resolve3, reject);
101706
+ promise2 = new Promise((resolve2, reject) => {
101707
+ callback = shared.callbackPromise(resolve2, reject);
101708
101708
  });
101709
101709
  }
101710
101710
  if (typeof this.getSocket === "function") {
@@ -102282,7 +102282,7 @@ var require_smtp_connection = __commonJS((exports, module) => {
102282
102282
  const handler = this.customAuth.get(this._authMethod);
102283
102283
  let lastResponse;
102284
102284
  let returned = false;
102285
- const resolve3 = () => {
102285
+ const resolve2 = () => {
102286
102286
  if (returned) {
102287
102287
  return;
102288
102288
  }
@@ -102312,8 +102312,8 @@ var require_smtp_connection = __commonJS((exports, module) => {
102312
102312
  sendCommand: (cmd, done) => {
102313
102313
  let promise2;
102314
102314
  if (!done) {
102315
- promise2 = new Promise((resolve4, reject2) => {
102316
- done = shared.callbackPromise(resolve4, reject2);
102315
+ promise2 = new Promise((resolve3, reject2) => {
102316
+ done = shared.callbackPromise(resolve3, reject2);
102317
102317
  });
102318
102318
  }
102319
102319
  this._responseActions.push((str) => {
@@ -102338,11 +102338,11 @@ var require_smtp_connection = __commonJS((exports, module) => {
102338
102338
  setImmediate(() => this._sendCommand(cmd));
102339
102339
  return promise2;
102340
102340
  },
102341
- resolve: resolve3,
102341
+ resolve: resolve2,
102342
102342
  reject
102343
102343
  });
102344
102344
  if (handlerResponse && typeof handlerResponse.catch === "function") {
102345
- handlerResponse.then(resolve3).catch(reject);
102345
+ handlerResponse.then(resolve2).catch(reject);
102346
102346
  }
102347
102347
  return;
102348
102348
  }
@@ -104509,8 +104509,8 @@ var require_smtp_pool = __commonJS((exports, module) => {
104509
104509
  verify(callback) {
104510
104510
  let promise2;
104511
104511
  if (!callback) {
104512
- promise2 = new Promise((resolve3, reject) => {
104513
- callback = shared.callbackPromise(resolve3, reject);
104512
+ promise2 = new Promise((resolve2, reject) => {
104513
+ callback = shared.callbackPromise(resolve2, reject);
104514
104514
  });
104515
104515
  }
104516
104516
  const auth = new PoolResource(this).auth;
@@ -104783,8 +104783,8 @@ var require_smtp_transport = __commonJS((exports, module) => {
104783
104783
  verify(callback) {
104784
104784
  let promise2;
104785
104785
  if (!callback) {
104786
- promise2 = new Promise((resolve3, reject) => {
104787
- callback = shared.callbackPromise(resolve3, reject);
104786
+ promise2 = new Promise((resolve2, reject) => {
104787
+ callback = shared.callbackPromise(resolve2, reject);
104788
104788
  });
104789
104789
  }
104790
104790
  this.getSocket(this.options, (err, socketOptions) => {
@@ -105249,8 +105249,8 @@ var require_ses_transport = __commonJS((exports, module) => {
105249
105249
  verify(callback) {
105250
105250
  let promise2;
105251
105251
  if (!callback) {
105252
- promise2 = new Promise((resolve3, reject) => {
105253
- callback = shared.callbackPromise(resolve3, reject);
105252
+ promise2 = new Promise((resolve2, reject) => {
105253
+ callback = shared.callbackPromise(resolve2, reject);
105254
105254
  });
105255
105255
  }
105256
105256
  const cb = (err) => {
@@ -114664,169 +114664,7 @@ The returned cookies can be formatted as a Cookie header for use with http_reque
114664
114664
  // src/core/agents/offSecAgent/tools/browserTools.ts
114665
114665
  init_dist();
114666
114666
  init_zod();
114667
- import { join as join7 } from "node:path";
114668
-
114669
- // src/core/prompt-injections/index.ts
114670
- init_zod();
114671
- import { createHash } from "node:crypto";
114672
- import { readFileSync as readFileSync2, statSync as statSync2 } from "node:fs";
114673
- import { dirname as dirname4, isAbsolute, join as join6, relative, resolve, sep } from "node:path";
114674
- function sha256(value) {
114675
- return createHash("sha256").update(value).digest("hex");
114676
- }
114677
- var PromptInjectionCatalogEntrySchema = exports_external.object({
114678
- id: exports_external.string().min(1),
114679
- name: exports_external.string().min(1).optional(),
114680
- category: exports_external.string().min(1).optional(),
114681
- description: exports_external.string().default(""),
114682
- tags: exports_external.array(exports_external.string()).default([]),
114683
- deliveryHints: exports_external.array(exports_external.string()).default([]),
114684
- expectedObservation: exports_external.string().default(""),
114685
- payloadPath: exports_external.string().min(1)
114686
- });
114687
- var PromptInjectionLibraryFileSchema = exports_external.union([
114688
- exports_external.array(PromptInjectionCatalogEntrySchema),
114689
- exports_external.object({
114690
- payloads: exports_external.array(PromptInjectionCatalogEntrySchema)
114691
- }),
114692
- exports_external.object({
114693
- injections: exports_external.array(PromptInjectionCatalogEntrySchema)
114694
- })
114695
- ]);
114696
- function isPromptInjectionRef(value) {
114697
- return typeof value === "object" && value !== null && value.kind === "prompt_injection_ref" && typeof value.id === "string";
114698
- }
114699
-
114700
- class StaticPromptInjectionLibrary {
114701
- ordered;
114702
- entries;
114703
- hashes;
114704
- constructor(entries) {
114705
- this.ordered = entries;
114706
- this.entries = new Map(entries.map((entry) => [entry.id, entry]));
114707
- this.hashes = new Map(entries.map((entry) => [entry.id, sha256(entry.payload)]));
114708
- }
114709
- listCatalog() {
114710
- return this.ordered.map(({ payload, payloadFilePath: _path, ...entry }) => ({
114711
- ...entry,
114712
- payloadHash: sha256(payload)
114713
- }));
114714
- }
114715
- getPayload(id) {
114716
- return this.entries.get(id)?.payload;
114717
- }
114718
- getPayloadFilePath(id) {
114719
- return this.entries.get(id)?.payloadFilePath;
114720
- }
114721
- getPayloadHash(id) {
114722
- return this.hashes.get(id);
114723
- }
114724
- has(id) {
114725
- return this.entries.has(id);
114726
- }
114727
- }
114728
- var EMPTY_PROMPT_INJECTION_LIBRARY = new StaticPromptInjectionLibrary([]);
114729
- var SOURCE_CACHE = new Map;
114730
- function resolvePromptInjectionLibrarySource(explicit) {
114731
- return explicit || process.env.PENSAR_PROMPT_INJECTION_LIBRARY || process.env.APEX_PROMPT_INJECTION_LIBRARY;
114732
- }
114733
- function resolveCatalogPath(source) {
114734
- if (source.startsWith("https://") || source.startsWith("http://")) {
114735
- throw new Error("Prompt injection library source must be a local path, not a URL.");
114736
- }
114737
- const path = source.startsWith("file://") ? source.slice(7) : source;
114738
- const resolved = isAbsolute(path) ? path : resolve(process.cwd(), path);
114739
- const stat = statSync2(resolved);
114740
- if (stat.isDirectory()) {
114741
- return { catalogPath: join6(resolved, "catalog.json"), root: resolved };
114742
- }
114743
- return { catalogPath: resolved, root: dirname4(resolved) };
114744
- }
114745
- function resolvePayloadPath(root, payloadPath) {
114746
- if (isAbsolute(payloadPath)) {
114747
- throw new Error("Prompt injection payloadPath must be relative.");
114748
- }
114749
- const resolved = resolve(root, payloadPath);
114750
- const relativePath = relative(root, resolved);
114751
- if (relativePath === ".." || relativePath.startsWith(`..${sep}`)) {
114752
- throw new Error("Prompt injection payloadPath must stay within the library.");
114753
- }
114754
- return resolved;
114755
- }
114756
- function parsePromptInjectionLibrary(raw, root) {
114757
- const parsed = PromptInjectionLibraryFileSchema.parse(JSON.parse(raw));
114758
- const catalogEntries = Array.isArray(parsed) ? parsed : ("payloads" in parsed) ? parsed.payloads : parsed.injections;
114759
- const entries = catalogEntries.map((entry) => {
114760
- const payloadFile = resolvePayloadPath(root, entry.payloadPath);
114761
- const payload = readFileSync2(payloadFile, "utf-8");
114762
- const { payloadPath: _payloadPath, name, category, ...safeEntry } = entry;
114763
- return {
114764
- ...safeEntry,
114765
- name: name ?? entry.id,
114766
- category: category ?? "uncategorized",
114767
- payload,
114768
- payloadFilePath: payloadFile
114769
- };
114770
- });
114771
- return new StaticPromptInjectionLibrary(entries);
114772
- }
114773
- async function readSource(source) {
114774
- if (source.startsWith("https://") || source.startsWith("http://")) {
114775
- throw new Error("Prompt injection library source must be a local path, not a URL.");
114776
- }
114777
- const { catalogPath, root } = resolveCatalogPath(source);
114778
- return parsePromptInjectionLibrary(readFileSync2(catalogPath, "utf-8"), root);
114779
- }
114780
- async function loadPromptInjectionLibrary(source) {
114781
- let cached2 = SOURCE_CACHE.get(source);
114782
- if (!cached2) {
114783
- cached2 = readSource(source).catch((err) => {
114784
- SOURCE_CACHE.delete(source);
114785
- throw err;
114786
- });
114787
- SOURCE_CACHE.set(source, cached2);
114788
- }
114789
- return cached2;
114790
- }
114791
- async function getPromptInjectionLibrary(opts) {
114792
- if (opts?.library)
114793
- return opts.library;
114794
- const source = resolvePromptInjectionLibrarySource(opts?.source);
114795
- if (!source)
114796
- return EMPTY_PROMPT_INJECTION_LIBRARY;
114797
- return loadPromptInjectionLibrary(source);
114798
- }
114799
- function resolvePromptInjectionRefs(value, library) {
114800
- if (isPromptInjectionRef(value)) {
114801
- const payload = library.getPayload(value.id);
114802
- if (!payload)
114803
- throw new Error(`Unknown prompt injection id: ${value.id}`);
114804
- return payload;
114805
- }
114806
- if (Array.isArray(value)) {
114807
- return value.map((item) => resolvePromptInjectionRefs(item, library));
114808
- }
114809
- if (typeof value === "object" && value !== null) {
114810
- const resolved = {};
114811
- for (const [key, nested] of Object.entries(value)) {
114812
- resolved[key] = resolvePromptInjectionRefs(nested, library);
114813
- }
114814
- return resolved;
114815
- }
114816
- return value;
114817
- }
114818
- function redactPromptInjectionPayloads(value, library) {
114819
- let redacted = value;
114820
- for (const entry of library.listCatalog()) {
114821
- const payload = library.getPayload(entry.id);
114822
- if (!payload)
114823
- continue;
114824
- redacted = redacted.split(payload).join(`[PROMPT_INJECTION:${entry.id}]`);
114825
- }
114826
- return redacted;
114827
- }
114828
-
114829
- // src/core/agents/offSecAgent/tools/browserTools.ts
114667
+ import { join as join6 } from "node:path";
114830
114668
  var BROWSER_TOOL_NAMES = [
114831
114669
  "browser_navigate",
114832
114670
  "browser_snapshot",
@@ -114838,87 +114676,41 @@ var BROWSER_TOOL_NAMES = [
114838
114676
  "browser_get_cookies"
114839
114677
  ];
114840
114678
  function createBrowserToolset(ctx) {
114841
- const tools = ctx.sandbox ? createSandboxBrowserTools(ctx) : createBrowserTools(ctx.target ?? "", join7(ctx.session.rootPath, "evidence"), "operator", undefined, ctx.abortSignal, undefined, undefined, undefined, ctx.browserSession);
114842
- const cm = ctx.credentialManager;
114843
- const injectionEnabled = !!(ctx.promptInjectionLibrary || ctx.promptInjectionLibrarySource);
114844
- if (!cm && !injectionEnabled) {
114679
+ const tools = ctx.sandbox ? createSandboxBrowserTools(ctx) : createBrowserTools(ctx.target ?? "", join6(ctx.session.rootPath, "evidence"), "operator", undefined, ctx.abortSignal, undefined, undefined, undefined, ctx.browserSession);
114680
+ if (!ctx.credentialManager) {
114845
114681
  return tools;
114846
114682
  }
114847
114683
  const originalFill = tools.browser_fill;
114848
- const shape = {
114849
- element: exports_external.string().describe("Description of form field, e.g., 'Username field' or 'Search input'"),
114850
- ref: exports_external.string().optional().describe("Element reference from browser_snapshot (e.g., 'e3'). If provided, uses exact element reference for precise filling."),
114851
- value: exports_external.string().optional().describe("Literal value to fill into the field. Omit when using promptInjection.id or credentialId + credentialField."),
114852
- toolCallDescription: exports_external.string().describe("Why you are filling this field with this value")
114853
- };
114854
- if (injectionEnabled) {
114855
- shape.promptInjection = exports_external.object({
114856
- id: exports_external.string().describe("Stable prompt-injection id returned by list_prompt_injections.")
114857
- }).optional().describe("Deliver a hidden prompt-injection payload into this field instead of a literal `value`. The payload is resolved from the library by id and typed into the field WITHOUT being revealed to you; the echoed result is redacted. Use this to fire library payloads into chat boxes / text inputs, then click send.");
114858
- }
114859
- if (cm) {
114860
- shape.credentialId = exports_external.string().optional().describe("ID of a stored credential. When provided with credentialField, the secret is resolved automatically.");
114861
- shape.credentialField = exports_external.enum([
114862
- "password",
114863
- "username",
114864
- "apiKey",
114865
- "bearerToken",
114866
- "cookies",
114867
- "sessionToken"
114868
- ]).optional().describe("Which field to extract from the credential (e.g. 'password'). Required when credentialId is set.");
114869
- }
114870
- let description = originalFill.description ?? "";
114871
- if (injectionEnabled) {
114872
- description += `
114873
-
114874
- Prompt-injection delivery: to type a library payload into a field ` + `(chat box, comment, profile field, etc.), pass "promptInjection": ` + `{ "id": "<id from list_prompt_injections>" } and omit "value". The ` + `payload is injected without being revealed to you and the echoed result ` + `is redacted. Click send/submit afterward to deliver it.`;
114875
- }
114876
- if (cm) {
114877
- description += `
114878
-
114879
- Credential mode: Instead of passing a raw secret as "value", you can ` + `pass "credentialId" + "credentialField" (e.g. "password") and the value ` + `will be resolved securely. Always prefer this when filling password or ` + `secret fields.`;
114880
- }
114881
- const execOptions = {
114882
- toolCallId: "",
114883
- messages: [],
114884
- abortSignal: undefined
114885
- };
114886
- const wrappedFill = tool({
114887
- description,
114888
- inputSchema: exports_external.object(shape),
114889
- execute: async (rawParams) => {
114890
- const params = rawParams;
114891
- const { element, ref, toolCallDescription } = params;
114892
- let value = params.value;
114893
- if (injectionEnabled && params.promptInjection?.id) {
114894
- const id = params.promptInjection.id;
114895
- const library = await getPromptInjectionLibrary({
114896
- library: ctx.promptInjectionLibrary,
114897
- source: ctx.promptInjectionLibrarySource
114898
- });
114899
- const payload = library.getPayload(id);
114900
- if (!payload) {
114901
- return {
114902
- success: false,
114903
- error: `Unknown prompt injection id: ${id}`
114904
- };
114905
- }
114906
- const fill = await originalFill.execute?.({ element, ref, value: payload, toolCallDescription }, execOptions);
114907
- if (fill && fill.success === false) {
114908
- return {
114909
- success: false,
114910
- element,
114911
- error: redactPromptInjectionPayloads(String(fill.error ?? ""), library) || "browser_fill failed"
114912
- };
114913
- }
114914
- return {
114915
- success: true,
114916
- element,
114917
- result: `[prompt_injection_ref ${id} typed into field; payload hidden]`
114918
- };
114919
- }
114920
- if (cm && params.credentialId && params.credentialField) {
114921
- const { credentialId, credentialField } = params;
114684
+ const cm = ctx.credentialManager;
114685
+ const credentialAwareFill = tool({
114686
+ description: originalFill.description + `
114687
+
114688
+ Credential mode: Instead of passing a raw secret as "value", you can pass ` + `"credentialId" + "credentialField" (e.g. "password") and the value will be ` + `resolved securely. Always prefer this when filling password or secret fields.`,
114689
+ inputSchema: exports_external.object({
114690
+ element: exports_external.string().describe("Description of form field, e.g., 'Username field' or 'Search input'"),
114691
+ ref: exports_external.string().optional().describe("Element reference from browser_snapshot (e.g., 'e3'). If provided, uses exact element reference for precise filling."),
114692
+ value: exports_external.string().optional().describe("Value to fill into the field. Omit when using credentialId + credentialField."),
114693
+ credentialId: exports_external.string().optional().describe("ID of a stored credential. When provided with credentialField, the secret is resolved automatically."),
114694
+ credentialField: exports_external.enum([
114695
+ "password",
114696
+ "username",
114697
+ "apiKey",
114698
+ "bearerToken",
114699
+ "cookies",
114700
+ "sessionToken"
114701
+ ]).optional().describe("Which field to extract from the credential (e.g. 'password'). Required when credentialId is set."),
114702
+ toolCallDescription: exports_external.string().describe("Why you are filling this field with this value")
114703
+ }),
114704
+ execute: async (params) => {
114705
+ let { value } = params;
114706
+ const {
114707
+ element,
114708
+ ref,
114709
+ credentialId,
114710
+ credentialField,
114711
+ toolCallDescription
114712
+ } = params;
114713
+ if (credentialId && credentialField) {
114922
114714
  const stored = cm.resolve(credentialId);
114923
114715
  if (!stored) {
114924
114716
  return {
@@ -114941,15 +114733,15 @@ Credential mode: Instead of passing a raw secret as "value", you can ` + `pass "
114941
114733
  if (!value) {
114942
114734
  return {
114943
114735
  success: false,
114944
- error: injectionEnabled ? "Provide one of: value, promptInjection.id, or credentialId + credentialField" : "Either value or credentialId + credentialField must be provided"
114736
+ error: "Either value or credentialId + credentialField must be provided"
114945
114737
  };
114946
114738
  }
114947
- return originalFill.execute?.({ element, ref, value, toolCallDescription }, execOptions);
114739
+ return originalFill.execute?.({ element, ref, value, toolCallDescription }, { toolCallId: "", messages: [], abortSignal: undefined });
114948
114740
  }
114949
114741
  });
114950
114742
  return {
114951
114743
  ...tools,
114952
- browser_fill: wrappedFill
114744
+ browser_fill: credentialAwareFill
114953
114745
  };
114954
114746
  }
114955
114747
 
@@ -115010,7 +114802,7 @@ init_zod();
115010
114802
  init_structured();
115011
114803
  init_lazyLogger();
115012
114804
  import { existsSync as existsSync4, mkdirSync as mkdirSync3, writeFileSync as writeFileSync4 } from "node:fs";
115013
- import { join as join8 } from "node:path";
114805
+ import { join as join7 } from "node:path";
115014
114806
  var log = scopedLogger(() => createLogger("complete_authentication"));
115015
114807
  var AUTH_DIR = "auth";
115016
114808
  var AUTH_DATA_FILENAME = "auth-data.json";
@@ -115054,11 +114846,11 @@ This tool marks the end of the authentication flow.`,
115054
114846
  log.info(`Authentication complete: ${result.success ? "SUCCESS" : "FAILED"}`);
115055
114847
  let authDataPath;
115056
114848
  try {
115057
- const authDir = join8(ctx.session.rootPath, AUTH_DIR);
114849
+ const authDir = join7(ctx.session.rootPath, AUTH_DIR);
115058
114850
  if (!existsSync4(authDir)) {
115059
114851
  mkdirSync3(authDir, { recursive: true });
115060
114852
  }
115061
- authDataPath = join8(authDir, AUTH_DATA_FILENAME);
114853
+ authDataPath = join7(authDir, AUTH_DATA_FILENAME);
115062
114854
  const authData = {
115063
114855
  authenticated: result.success,
115064
114856
  strategy: result.strategy || "unknown",
@@ -115275,7 +115067,7 @@ function crawlAuthenticated(ctx) {
115275
115067
  init_dist();
115276
115068
  init_zod();
115277
115069
  import { writeFileSync as writeFileSync5 } from "node:fs";
115278
- import { join as join9 } from "node:path";
115070
+ import { join as join8 } from "node:path";
115279
115071
  function createAttackSurfaceReport(ctx) {
115280
115072
  return tool({
115281
115073
  description: `Provide attack surface analysis results to the orchestrator agent.
@@ -115301,7 +115093,7 @@ Call this at the END of your analysis with:
115301
115093
  toolCallDescription: exports_external.string().describe("A concise, human-readable description of what this tool call is doing")
115302
115094
  }),
115303
115095
  execute: async (results) => {
115304
- const resultsPath = join9(ctx.session.rootPath, "attack-surface-results.json");
115096
+ const resultsPath = join8(ctx.session.rootPath, "attack-surface-results.json");
115305
115097
  writeFileSync5(resultsPath, JSON.stringify(results, null, 2));
115306
115098
  return {
115307
115099
  success: true,
@@ -115320,7 +115112,7 @@ init_structured();
115320
115112
  init_lazyLogger();
115321
115113
  import { existsSync as existsSync5 } from "node:fs";
115322
115114
  import { mkdir, writeFile } from "node:fs/promises";
115323
- import { dirname as dirname5, isAbsolute as isAbsolute2, resolve as resolve2 } from "node:path";
115115
+ import { dirname as dirname4, isAbsolute, resolve } from "node:path";
115324
115116
  var log3 = scopedLogger(() => createLogger("create_file"));
115325
115117
  var createFileInputSchema = exports_external.object({
115326
115118
  path: exports_external.string().describe("Absolute or relative path for the new file"),
@@ -115343,7 +115135,7 @@ Parent directories are created automatically if they don't exist.`,
115343
115135
  overwrite = false
115344
115136
  }) => {
115345
115137
  log3.debug(`enter: path=${filePath}, contentLen=${content.length}, overwrite=${overwrite}, sandbox=${!!ctx.sandbox}`);
115346
- const resolved = isAbsolute2(filePath) ? filePath : resolve2(ctx.agentCwd, filePath);
115138
+ const resolved = isAbsolute(filePath) ? filePath : resolve(ctx.agentCwd, filePath);
115347
115139
  log3.debug(`resolved: ${resolved}`);
115348
115140
  if (ctx.sandbox) {
115349
115141
  return executeSandboxCreate(ctx, resolved, content, overwrite);
@@ -115364,7 +115156,7 @@ async function executeLocalCreate(filePath, content, overwrite) {
115364
115156
  path: filePath
115365
115157
  };
115366
115158
  }
115367
- const dir = dirname5(filePath);
115159
+ const dir = dirname4(filePath);
115368
115160
  log3.debug(`local: mkdir ${dir}`);
115369
115161
  await mkdir(dir, { recursive: true });
115370
115162
  log3.debug(`local: mkdir done, writing ${content.length} bytes`);
@@ -115398,7 +115190,7 @@ async function executeSandboxCreate(ctx, filePath, content, overwrite) {
115398
115190
  };
115399
115191
  }
115400
115192
  }
115401
- const dirPath = dirname5(filePath);
115193
+ const dirPath = dirname4(filePath);
115402
115194
  await ctx.sandbox.execute(`mkdir -p "${dirPath}"`);
115403
115195
  const base64Content = Buffer.from(content).toString("base64");
115404
115196
  const writeResult = await ctx.sandbox.execute(`echo "${base64Content}" | base64 -d > "${filePath}"`);
@@ -115428,21 +115220,21 @@ init_dist();
115428
115220
  init_zod();
115429
115221
 
115430
115222
  // src/core/tasks/index.ts
115431
- import { mkdirSync as mkdirSync4, readdirSync as readdirSync3, readFileSync as readFileSync3, writeFileSync as writeFileSync6 } from "node:fs";
115432
- import { join as join10 } from "node:path";
115223
+ import { mkdirSync as mkdirSync4, readdirSync as readdirSync3, readFileSync as readFileSync2, writeFileSync as writeFileSync6 } from "node:fs";
115224
+ import { join as join9 } from "node:path";
115433
115225
  var HWM_FILENAME = "_hwm.json";
115434
115226
  function ensureDir(dir) {
115435
115227
  mkdirSync4(dir, { recursive: true });
115436
115228
  }
115437
115229
  function taskPath(tasksDir, id) {
115438
- return join10(tasksDir, `${id}.json`);
115230
+ return join9(tasksDir, `${id}.json`);
115439
115231
  }
115440
115232
  function hwmPath(tasksDir) {
115441
- return join10(tasksDir, HWM_FILENAME);
115233
+ return join9(tasksDir, HWM_FILENAME);
115442
115234
  }
115443
115235
  function readHighWaterMark(tasksDir) {
115444
115236
  try {
115445
- const raw = readFileSync3(hwmPath(tasksDir), "utf-8");
115237
+ const raw = readFileSync2(hwmPath(tasksDir), "utf-8");
115446
115238
  const parsed = JSON.parse(raw);
115447
115239
  return { nextId: parsed.nextId ?? 1 };
115448
115240
  } catch {
@@ -115474,7 +115266,7 @@ function createTask(tasksDir, input) {
115474
115266
  }
115475
115267
  function getTask(tasksDir, id) {
115476
115268
  try {
115477
- const raw = readFileSync3(taskPath(tasksDir, id), "utf-8");
115269
+ const raw = readFileSync2(taskPath(tasksDir, id), "utf-8");
115478
115270
  return JSON.parse(raw);
115479
115271
  } catch {
115480
115272
  return null;
@@ -115511,7 +115303,7 @@ function listTasks(tasksDir, filter) {
115511
115303
  if (!file.endsWith(".json") || file === HWM_FILENAME)
115512
115304
  continue;
115513
115305
  try {
115514
- const raw = readFileSync3(join10(tasksDir, file), "utf-8");
115306
+ const raw = readFileSync2(join9(tasksDir, file), "utf-8");
115515
115307
  const task = JSON.parse(raw);
115516
115308
  if (filter?.status && task.status !== filter.status)
115517
115309
  continue;
@@ -115609,7 +115401,7 @@ init_dist();
115609
115401
  init_zod();
115610
115402
  init_credentials();
115611
115403
  import { writeFileSync as writeFileSync7 } from "node:fs";
115612
- import { join as join11 } from "node:path";
115404
+ import { join as join10 } from "node:path";
115613
115405
  init_structured();
115614
115406
  init_lazyLogger();
115615
115407
  var log4 = scopedLogger(() => createLogger("delegate_auth"));
@@ -115775,7 +115567,7 @@ When to use delegate_to_auth_subagent vs authenticate_session:
115775
115567
  if (credentials) {
115776
115568
  ctx.session.credentialManager.addFromAuthCredentials(credentials);
115777
115569
  }
115778
- const { runAuthenticationAgent } = await import("./authentication-69dgp6ec.js");
115570
+ const { runAuthenticationAgent } = await import("./authentication-qswvctj4.js");
115779
115571
  const localBus = new AgentEventBus;
115780
115572
  AgentEventBus.attachChild(localBus, ctx.eventBus, subagentId);
115781
115573
  const result = await runAuthenticationAgent({
@@ -115794,7 +115586,7 @@ When to use delegate_to_auth_subagent vs authenticate_session:
115794
115586
  parentSubagentId: ctx.subagentId
115795
115587
  });
115796
115588
  if (result.success) {
115797
- const sessionInfoPath = join11(ctx.session.rootPath, "session-info.json");
115589
+ const sessionInfoPath = join10(ctx.session.rootPath, "session-info.json");
115798
115590
  const sessionInfo = {
115799
115591
  authenticated: true,
115800
115592
  username: username || "via_subagent",
@@ -115989,7 +115781,7 @@ function detectBarrier(bodyLower, statusCode) {
115989
115781
  init_dist();
115990
115782
  init_zod();
115991
115783
  import { existsSync as existsSync6, mkdirSync as mkdirSync5, writeFileSync as writeFileSync8 } from "node:fs";
115992
- import { join as join12 } from "node:path";
115784
+ import { join as join11 } from "node:path";
115993
115785
  function sanitizeName(name) {
115994
115786
  return name.toLowerCase().replace(/[^a-z0-9-_.]/g, "_");
115995
115787
  }
@@ -116028,7 +115820,7 @@ function validateDomainUrl(value) {
116028
115820
  }
116029
115821
  }
116030
115822
  function documentApp(ctx) {
116031
- const baseAppsPath = join12(ctx.session.rootPath, "apps");
115823
+ const baseAppsPath = join11(ctx.session.rootPath, "apps");
116032
115824
  return tool({
116033
115825
  description: `Document a discovered application during attack surface analysis.
116034
115826
 
@@ -116081,7 +115873,7 @@ Each application creates a JSON file in the apps directory for tracking and anal
116081
115873
  const sanitizedName = sanitizeName(input.appName);
116082
115874
  const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
116083
115875
  const filename = `app_${sanitizedName}_${timestamp}.json`;
116084
- const filepath = join12(baseAppsPath, filename);
115876
+ const filepath = join11(baseAppsPath, filename);
116085
115877
  const appRecord = {
116086
115878
  ...input,
116087
115879
  discoveredAt: new Date().toISOString(),
@@ -116105,7 +115897,7 @@ Each application creates a JSON file in the apps directory for tracking and anal
116105
115897
  init_dist();
116106
115898
  init_zod();
116107
115899
  import { existsSync as existsSync7, mkdirSync as mkdirSync6, writeFileSync as writeFileSync9 } from "node:fs";
116108
- import { join as join13 } from "node:path";
115900
+ import { join as join12 } from "node:path";
116109
115901
 
116110
115902
  // src/core/agents/specialized/attackSurface/blackboxRiskScoring.ts
116111
115903
  var RISK_LEVEL_BASE_SCORE = {
@@ -116344,24 +116136,24 @@ function pLimit(concurrency) {
116344
116136
  activeCount--;
116345
116137
  resumeNext();
116346
116138
  };
116347
- const run = async (function_, resolve3, arguments_) => {
116139
+ const run = async (function_, resolve2, arguments_) => {
116348
116140
  const result = (async () => function_(...arguments_))();
116349
- resolve3(result);
116141
+ resolve2(result);
116350
116142
  try {
116351
116143
  await result;
116352
116144
  } catch {}
116353
116145
  next();
116354
116146
  };
116355
- const enqueue = (function_, resolve3, arguments_) => {
116147
+ const enqueue = (function_, resolve2, arguments_) => {
116356
116148
  new Promise((internalResolve) => {
116357
116149
  queue.enqueue(internalResolve);
116358
- }).then(run.bind(undefined, function_, resolve3, arguments_));
116150
+ }).then(run.bind(undefined, function_, resolve2, arguments_));
116359
116151
  if (activeCount < concurrency) {
116360
116152
  resumeNext();
116361
116153
  }
116362
116154
  };
116363
- const generator = (function_, ...arguments_) => new Promise((resolve3) => {
116364
- enqueue(function_, resolve3, arguments_);
116155
+ const generator = (function_, ...arguments_) => new Promise((resolve2) => {
116156
+ enqueue(function_, resolve2, arguments_);
116365
116157
  });
116366
116158
  Object.defineProperties(generator, {
116367
116159
  activeCount: {
@@ -116455,7 +116247,7 @@ async function generateThreatModelForEndpoint(ctx, input) {
116455
116247
  return threatModelLimiter(async () => {
116456
116248
  if (ctx.abortSignal?.aborted)
116457
116249
  return null;
116458
- const { CodeAgent } = await import("./agent-s4vkqxtr.js");
116250
+ const { CodeAgent } = await import("./agent-8w9h3tnw.js");
116459
116251
  const subagentId = `threat-model-${sanitize(input.appName)}-${sanitize(input.routePath)}`;
116460
116252
  ctx.eventBus?.emit("subagent-spawn", {
116461
116253
  subagentId,
@@ -116763,7 +116555,7 @@ var documentEndpointInputSchema = exports_external.object({
116763
116555
  toolCallDescription: exports_external.string().describe("A concise, human-readable description of what this tool call is doing")
116764
116556
  });
116765
116557
  function documentEndpoint(ctx) {
116766
- const baseAssetsPath = join13(ctx.session.rootPath, "assets");
116558
+ const baseAssetsPath = join12(ctx.session.rootPath, "assets");
116767
116559
  return tool({
116768
116560
  description: `Document a discovered endpoint during attack surface analysis.
116769
116561
 
@@ -116809,14 +116601,14 @@ Each endpoint creates a JSON file in the assets directory for tracking and analy
116809
116601
  message: `routePath "${input.routePath}" is a full URL. The domain is already stored on the parent application. ` + `Use a path or access pattern instead (e.g. "/api/users", "/{objectKey}?X-Amz-Signature={sig}", "arn:aws:s3:::bucket-name").`
116810
116602
  };
116811
116603
  }
116812
- const targetDir = join13(baseAssetsPath, sanitizeName2(input.appName));
116604
+ const targetDir = join12(baseAssetsPath, sanitizeName2(input.appName));
116813
116605
  if (!existsSync7(targetDir)) {
116814
116606
  mkdirSync6(targetDir, { recursive: true });
116815
116607
  }
116816
116608
  const sanitizedPath = sanitizeName2(input.routePath);
116817
116609
  const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
116818
116610
  const filename = `asset_${sanitizedPath}_${timestamp}.json`;
116819
- const filepath = join13(targetDir, filename);
116611
+ const filepath = join12(targetDir, filename);
116820
116612
  const heuristicRiskScore = computeBlackboxRiskScore(input.riskLevel, "endpoint", {
116821
116613
  url: input.routePath,
116822
116614
  method: input.method,
@@ -116894,7 +116686,7 @@ import {
116894
116686
  unlinkSync,
116895
116687
  writeFileSync as writeFileSync10
116896
116688
  } from "node:fs";
116897
- import { join as join14 } from "node:path";
116689
+ import { join as join13 } from "node:path";
116898
116690
 
116899
116691
  // src/lib/cwe/types.ts
116900
116692
  init_zod();
@@ -118331,7 +118123,7 @@ init_lazyLogger();
118331
118123
  var log6 = scopedLogger(() => createLogger("FindingJudge"));
118332
118124
  async function judgeFinding(input, ctx) {
118333
118125
  try {
118334
- const { FindingJudgeAgent } = await import("./agent-nfshsy6s.js");
118126
+ const { FindingJudgeAgent } = await import("./agent-737mxp3v.js");
118335
118127
  const agent = new FindingJudgeAgent({
118336
118128
  finding: input,
118337
118129
  model: ctx.model,
@@ -118621,14 +118413,14 @@ CRITICAL RULES — READ BEFORE CALLING:
118621
118413
  description: `POC execution output for ${filename}`
118622
118414
  });
118623
118415
  const timestamp = new Date().toISOString();
118624
- const outputDir = isVulnerability ? session.findingsPath : join14(session.rootPath, "informational");
118416
+ const outputDir = isVulnerability ? session.findingsPath : join13(session.rootPath, "informational");
118625
118417
  if (!isVulnerability) {
118626
118418
  mkdirSync7(outputDir, { recursive: true });
118627
118419
  }
118628
118420
  let evidenceForPrompt = materializedEvidence;
118629
118421
  if (materializedEvidence.length > EVIDENCE_FILE_THRESHOLD) {
118630
118422
  const evidenceFilename = `${timestamp.split("T")[0]}-${slugify2(input.title, 40)}-evidence.txt`;
118631
- const evidenceFilePath = join14(outputDir, evidenceFilename);
118423
+ const evidenceFilePath = join13(outputDir, evidenceFilename);
118632
118424
  writeFileSync10(evidenceFilePath, materializedEvidence);
118633
118425
  evidenceForPrompt = materializedEvidence.substring(0, EVIDENCE_FILE_THRESHOLD) + `
118634
118426
  ... [truncated — full output saved to ${evidenceFilename}]`;
@@ -118677,16 +118469,16 @@ CRITICAL RULES — READ BEFORE CALLING:
118677
118469
  cvssResult = FALLBACK_CVSS;
118678
118470
  break;
118679
118471
  }
118680
- await new Promise((resolve3) => {
118681
- const timer = setTimeout(resolve3, 2000);
118472
+ await new Promise((resolve2) => {
118473
+ const timer = setTimeout(resolve2, 2000);
118682
118474
  if (ctx.abortSignal) {
118683
118475
  const onAbort = () => {
118684
118476
  clearTimeout(timer);
118685
- resolve3();
118477
+ resolve2();
118686
118478
  };
118687
118479
  if (ctx.abortSignal.aborted) {
118688
118480
  clearTimeout(timer);
118689
- resolve3();
118481
+ resolve2();
118690
118482
  } else {
118691
118483
  ctx.abortSignal.addEventListener("abort", onAbort, {
118692
118484
  once: true
@@ -118770,8 +118562,8 @@ CRITICAL RULES — READ BEFORE CALLING:
118770
118562
  const findingId = `${timestamp.split("T")[0]}-${slugify2(finding.title, 50)}`;
118771
118563
  const jsonFilename = `${findingId}.json`;
118772
118564
  const mdFilename = `${findingId}.md`;
118773
- const jsonPath = join14(outputDir, jsonFilename);
118774
- const mdPath = join14(outputDir, mdFilename);
118565
+ const jsonPath = join13(outputDir, jsonFilename);
118566
+ const mdPath = join13(outputDir, mdFilename);
118775
118567
  try {
118776
118568
  writeFileSync10(jsonPath, JSON.stringify(findingWithMeta, null, 2));
118777
118569
  const cvssSection = cvssWarning ? `## CVSS 4.0 Assessment
@@ -118854,7 +118646,7 @@ ${finding.references}` : ""}
118854
118646
  `;
118855
118647
  writeFileSync10(mdPath, markdown);
118856
118648
  if (isVulnerability) {
118857
- const summaryPath = join14(session.rootPath, "findings-summary.md");
118649
+ const summaryPath = join13(session.rootPath, "findings-summary.md");
118858
118650
  const cweTag = cvssResult.cwes?.length ? ` (${cvssResult.cwes.map((c) => c.id).join(", ")})` : "";
118859
118651
  const cvssTag = cvssWarning ? "(estimated)" : `(CVSS ${cvssResult.score})`;
118860
118652
  const summaryEntry = `- [${finding.severity}] ${cvssTag}${cweTag} ${finding.title} - \`findings/${mdFilename}\`
@@ -118912,7 +118704,7 @@ async function executeLocalPoc(ctx, input) {
118912
118704
  mkdirSync7(pocsPath, { recursive: true });
118913
118705
  }
118914
118706
  const { filename, pocContent } = preparePoc(input);
118915
- const pocPath = join14(pocsPath, filename);
118707
+ const pocPath = join13(pocsPath, filename);
118916
118708
  writeFileSync10(pocPath, pocContent);
118917
118709
  chmodSync(pocPath, 493);
118918
118710
  const { stdout, stderr, exitCode } = await runScript(POC_RUNNERS[input.pocType], pocPath, 60000, ctx.abortSignal);
@@ -118930,7 +118722,7 @@ async function executeSandboxPoc(ctx, input) {
118930
118722
  if (!existsSync8(localPocsPath)) {
118931
118723
  mkdirSync7(localPocsPath, { recursive: true });
118932
118724
  }
118933
- const localPocPath = join14(localPocsPath, filename);
118725
+ const localPocPath = join13(localPocsPath, filename);
118934
118726
  writeFileSync10(localPocPath, pocContent);
118935
118727
  const sandboxPocPath = `/tmp/pocs/${filename}`;
118936
118728
  const base64Content = Buffer.from(pocContent).toString("base64");
@@ -118963,10 +118755,10 @@ POC file has been deleted.`,
118963
118755
  }
118964
118756
  function cleanupPocFiles(ctx, filename) {
118965
118757
  try {
118966
- unlinkSync(join14(ctx.session.pocsPath, filename));
118758
+ unlinkSync(join13(ctx.session.pocsPath, filename));
118967
118759
  } catch {}
118968
118760
  try {
118969
- unlinkSync(join14(ctx.session.pocsPath, `${filename}.output.json`));
118761
+ unlinkSync(join13(ctx.session.pocsPath, `${filename}.output.json`));
118970
118762
  } catch {}
118971
118763
  }
118972
118764
  function sanitizeFilename(str) {
@@ -119027,7 +118819,7 @@ ${commentChar} Created: ${new Date().toISOString()}
119027
118819
  }
119028
118820
  function writePocOutputSidecar(pocsPath, filename, stdout, stderr, exitCode, description) {
119029
118821
  try {
119030
- const outputPath = join14(pocsPath, `${filename}.output.json`);
118822
+ const outputPath = join13(pocsPath, `${filename}.output.json`);
119031
118823
  writeFileSync10(outputPath, JSON.stringify({
119032
118824
  stdout,
119033
118825
  stderr,
@@ -119039,7 +118831,7 @@ function writePocOutputSidecar(pocsPath, filename, stdout, stderr, exitCode, des
119039
118831
  } catch {}
119040
118832
  }
119041
118833
  function runScript(runner, scriptPath, timeout, abortSignal) {
119042
- return new Promise((resolve3) => {
118834
+ return new Promise((resolve2) => {
119043
118835
  const child = spawn2(runner, [scriptPath], {
119044
118836
  stdio: ["ignore", "pipe", "pipe"],
119045
118837
  detached: process.platform !== "win32"
@@ -119061,7 +118853,7 @@ function runScript(runner, scriptPath, timeout, abortSignal) {
119061
118853
  resolved = true;
119062
118854
  clearTimeout(timeoutTimer);
119063
118855
  abortCleanup?.();
119064
- resolve3(result);
118856
+ resolve2(result);
119065
118857
  }
119066
118858
  };
119067
118859
  const killProcess = () => {
@@ -119374,8 +119166,8 @@ class ImapFlow extends EventEmitter2 {
119374
119166
  }
119375
119167
  let tag = (++this.tagCounter).toString(16).toUpperCase();
119376
119168
  options = options || {};
119377
- let promise2 = new Promise((resolve3, reject) => {
119378
- this.requestTagMap.set(tag, { command, attributes, options, resolve: resolve3, reject });
119169
+ let promise2 = new Promise((resolve2, reject) => {
119170
+ this.requestTagMap.set(tag, { command, attributes, options, resolve: resolve2, reject });
119379
119171
  this.requestQueue.push({ tag, command, attributes, options });
119380
119172
  this.trySend().catch((err) => {
119381
119173
  this.requestTagMap.delete(tag);
@@ -119481,7 +119273,7 @@ class ImapFlow extends EventEmitter2 {
119481
119273
  switch (parsed.command.toUpperCase()) {
119482
119274
  case "OK":
119483
119275
  case "BYE":
119484
- await new Promise((resolve3) => request.resolve({ response: parsed, next: resolve3 }));
119276
+ await new Promise((resolve2) => request.resolve({ response: parsed, next: resolve2 }));
119485
119277
  break;
119486
119278
  case "NO":
119487
119279
  case "BAD": {
@@ -119498,7 +119290,7 @@ class ImapFlow extends EventEmitter2 {
119498
119290
  err.responseText = txt;
119499
119291
  if (err.responseStatus === "NO" && txt.includes("Some of the requested messages no longer exist")) {
119500
119292
  this.log.warn({ msg: "Partial FETCH response", cid: this.id, err });
119501
- await new Promise((resolve3) => request.resolve({ response: parsed, next: resolve3 }));
119293
+ await new Promise((resolve2) => request.resolve({ response: parsed, next: resolve2 }));
119502
119294
  break;
119503
119295
  }
119504
119296
  let throttleDelay = false;
@@ -119534,7 +119326,7 @@ class ImapFlow extends EventEmitter2 {
119534
119326
  data.next();
119535
119327
  processedCount++;
119536
119328
  if (processedCount % 10 === 0) {
119537
- await new Promise((resolve3) => setImmediate(resolve3));
119329
+ await new Promise((resolve2) => setImmediate(resolve2));
119538
119330
  }
119539
119331
  }
119540
119332
  }
@@ -119695,7 +119487,7 @@ class ImapFlow extends EventEmitter2 {
119695
119487
  }
119696
119488
  processedChunks++;
119697
119489
  if (processedChunks % 100 === 0) {
119698
- await new Promise((resolve3) => setImmediate(resolve3));
119490
+ await new Promise((resolve2) => setImmediate(resolve2));
119699
119491
  if (!this.writeSocket) {
119700
119492
  break;
119701
119493
  }
@@ -119753,7 +119545,7 @@ class ImapFlow extends EventEmitter2 {
119753
119545
  return this._failSTARTTLS();
119754
119546
  }
119755
119547
  this.socket.unpipe(this.streamer);
119756
- let upgraded = await new Promise((resolve3, reject) => {
119548
+ let upgraded = await new Promise((resolve2, reject) => {
119757
119549
  let socketPlain = this.socket;
119758
119550
  let opts = Object.assign({
119759
119551
  socket: this.socket,
@@ -119807,7 +119599,7 @@ class ImapFlow extends EventEmitter2 {
119807
119599
  });
119808
119600
  }
119809
119601
  socketPlain.removeListener("error", socketPlainErrorHandler);
119810
- return resolve3(true);
119602
+ return resolve2(true);
119811
119603
  } catch (ex) {
119812
119604
  this.emitError(ex);
119813
119605
  }
@@ -119883,10 +119675,10 @@ class ImapFlow extends EventEmitter2 {
119883
119675
  }
119884
119676
  this.startSession().then(() => {
119885
119677
  if (typeof this.initialResolve === "function") {
119886
- let resolve3 = this.initialResolve;
119678
+ let resolve2 = this.initialResolve;
119887
119679
  this.initialResolve = false;
119888
119680
  this.initialReject = false;
119889
- return resolve3();
119681
+ return resolve2();
119890
119682
  }
119891
119683
  }).catch((err) => {
119892
119684
  this.log.error({ err, cid: this.id });
@@ -120128,7 +119920,7 @@ class ImapFlow extends EventEmitter2 {
120128
119920
  throw error2;
120129
119921
  }
120130
119922
  }
120131
- let connectPromise = new Promise((resolve3, reject) => {
119923
+ let connectPromise = new Promise((resolve2, reject) => {
120132
119924
  this.connectTimeout = setTimeout(() => {
120133
119925
  let err = new Error("Failed to establish connection in required time");
120134
119926
  err.code = "CONNECT_TIMEOUT";
@@ -120176,7 +119968,7 @@ class ImapFlow extends EventEmitter2 {
120176
119968
  this.setSocketHandlers();
120177
119969
  this.setEventHandlers();
120178
119970
  this.socket.pipe(this.streamer);
120179
- this.initialResolve = resolve3;
119971
+ this.initialResolve = resolve2;
120180
119972
  this.initialReject = reject;
120181
119973
  } catch (ex) {
120182
119974
  reject(ex);
@@ -120537,17 +120329,17 @@ class ImapFlow extends EventEmitter2 {
120537
120329
  let aborted2 = false;
120538
120330
  let push = false;
120539
120331
  let rowQueue = [];
120540
- let getNext = () => new Promise((resolve3, reject) => {
120332
+ let getNext = () => new Promise((resolve2, reject) => {
120541
120333
  let check2 = () => {
120542
120334
  if (rowQueue.length) {
120543
120335
  let entry = rowQueue.shift();
120544
120336
  if (entry.err) {
120545
120337
  return reject(entry.err);
120546
120338
  }
120547
- return resolve3(entry.value);
120339
+ return resolve2(entry.value);
120548
120340
  }
120549
120341
  if (finished) {
120550
- return resolve3(null);
120342
+ return resolve2(null);
120551
120343
  }
120552
120344
  push = () => {
120553
120345
  push = false;
@@ -120832,7 +120624,7 @@ class ImapFlow extends EventEmitter2 {
120832
120624
  }
120833
120625
  if (writeChunk(chunk2) === false) {
120834
120626
  try {
120835
- await new Promise((resolve3, reject) => {
120627
+ await new Promise((resolve2, reject) => {
120836
120628
  let resolved = false;
120837
120629
  const finish = (err) => {
120838
120630
  if (resolved)
@@ -120844,7 +120636,7 @@ class ImapFlow extends EventEmitter2 {
120844
120636
  if (err) {
120845
120637
  reject(err);
120846
120638
  } else {
120847
- resolve3();
120639
+ resolve2();
120848
120640
  }
120849
120641
  };
120850
120642
  stream.once("drain", () => finish());
@@ -121035,10 +120827,10 @@ class ImapFlow extends EventEmitter2 {
121035
120827
  }
121036
120828
  processedCount++;
121037
120829
  if (processedCount % 5 === 0) {
121038
- await new Promise((resolve4) => setImmediate(resolve4));
120830
+ await new Promise((resolve3) => setImmediate(resolve3));
121039
120831
  }
121040
120832
  const lock = this.locks.shift();
121041
- const { resolve: resolve3, reject, path, options, lockId } = lock;
120833
+ const { resolve: resolve2, reject, path, options, lockId } = lock;
121042
120834
  if (lock.acquireTimer) {
121043
120835
  clearTimeout(lock.acquireTimer);
121044
120836
  lock.acquireTimer = null;
@@ -121103,7 +120895,7 @@ class ImapFlow extends EventEmitter2 {
121103
120895
  });
121104
120896
  this.currentLock = lock;
121105
120897
  armHeldTimer();
121106
- resolve3({ path, release });
120898
+ resolve2({ path, release });
121107
120899
  break;
121108
120900
  }
121109
120901
  try {
@@ -121117,7 +120909,7 @@ class ImapFlow extends EventEmitter2 {
121117
120909
  });
121118
120910
  this.currentLock = lock;
121119
120911
  armHeldTimer();
121120
- resolve3({ path, release });
120912
+ resolve2({ path, release });
121121
120913
  break;
121122
120914
  } catch (err) {
121123
120915
  if (err.responseStatus === "NO") {
@@ -121164,8 +120956,8 @@ class ImapFlow extends EventEmitter2 {
121164
120956
  ...this.currentLock.options?.description && { description: this.currentLock.options?.description }
121165
120957
  } : null
121166
120958
  });
121167
- let lockPromise = new Promise((resolve3, reject) => {
121168
- let lockEntry = { resolve: resolve3, reject, path, options, lockId };
120959
+ let lockPromise = new Promise((resolve2, reject) => {
120960
+ let lockEntry = { resolve: resolve2, reject, path, options, lockId };
121169
120961
  this.locks.push(lockEntry);
121170
120962
  if (Number(options.acquireTimeout) > 0) {
121171
120963
  lockEntry.acquireTimer = setTimeout(() => {
@@ -122343,6 +122135,168 @@ init_dist();
122343
122135
  init_zod();
122344
122136
  import { existsSync as existsSync9, mkdirSync as mkdirSync8, writeFileSync as writeFileSync11 } from "node:fs";
122345
122137
  import { join as join15 } from "node:path";
122138
+
122139
+ // src/core/prompt-injections/index.ts
122140
+ init_zod();
122141
+ import { createHash } from "node:crypto";
122142
+ import { readFileSync as readFileSync3, statSync as statSync2 } from "node:fs";
122143
+ import { dirname as dirname5, isAbsolute as isAbsolute2, join as join14, relative, resolve as resolve2, sep } from "node:path";
122144
+ function sha256(value) {
122145
+ return createHash("sha256").update(value).digest("hex");
122146
+ }
122147
+ var PromptInjectionCatalogEntrySchema = exports_external.object({
122148
+ id: exports_external.string().min(1),
122149
+ name: exports_external.string().min(1).optional(),
122150
+ category: exports_external.string().min(1).optional(),
122151
+ description: exports_external.string().default(""),
122152
+ tags: exports_external.array(exports_external.string()).default([]),
122153
+ deliveryHints: exports_external.array(exports_external.string()).default([]),
122154
+ expectedObservation: exports_external.string().default(""),
122155
+ payloadPath: exports_external.string().min(1)
122156
+ });
122157
+ var PromptInjectionLibraryFileSchema = exports_external.union([
122158
+ exports_external.array(PromptInjectionCatalogEntrySchema),
122159
+ exports_external.object({
122160
+ payloads: exports_external.array(PromptInjectionCatalogEntrySchema)
122161
+ }),
122162
+ exports_external.object({
122163
+ injections: exports_external.array(PromptInjectionCatalogEntrySchema)
122164
+ })
122165
+ ]);
122166
+ function isPromptInjectionRef(value) {
122167
+ return typeof value === "object" && value !== null && value.kind === "prompt_injection_ref" && typeof value.id === "string";
122168
+ }
122169
+
122170
+ class StaticPromptInjectionLibrary {
122171
+ ordered;
122172
+ entries;
122173
+ hashes;
122174
+ constructor(entries) {
122175
+ this.ordered = entries;
122176
+ this.entries = new Map(entries.map((entry) => [entry.id, entry]));
122177
+ this.hashes = new Map(entries.map((entry) => [entry.id, sha256(entry.payload)]));
122178
+ }
122179
+ listCatalog() {
122180
+ return this.ordered.map(({ payload, payloadFilePath: _path, ...entry }) => ({
122181
+ ...entry,
122182
+ payloadHash: sha256(payload)
122183
+ }));
122184
+ }
122185
+ getPayload(id) {
122186
+ return this.entries.get(id)?.payload;
122187
+ }
122188
+ getPayloadFilePath(id) {
122189
+ return this.entries.get(id)?.payloadFilePath;
122190
+ }
122191
+ getPayloadHash(id) {
122192
+ return this.hashes.get(id);
122193
+ }
122194
+ has(id) {
122195
+ return this.entries.has(id);
122196
+ }
122197
+ }
122198
+ var EMPTY_PROMPT_INJECTION_LIBRARY = new StaticPromptInjectionLibrary([]);
122199
+ var SOURCE_CACHE = new Map;
122200
+ function resolvePromptInjectionLibrarySource(explicit) {
122201
+ return explicit || process.env.PENSAR_PROMPT_INJECTION_LIBRARY || process.env.APEX_PROMPT_INJECTION_LIBRARY;
122202
+ }
122203
+ function resolveCatalogPath(source) {
122204
+ if (source.startsWith("https://") || source.startsWith("http://")) {
122205
+ throw new Error("Prompt injection library source must be a local path, not a URL.");
122206
+ }
122207
+ const path = source.startsWith("file://") ? source.slice(7) : source;
122208
+ const resolved = isAbsolute2(path) ? path : resolve2(process.cwd(), path);
122209
+ const stat = statSync2(resolved);
122210
+ if (stat.isDirectory()) {
122211
+ return { catalogPath: join14(resolved, "catalog.json"), root: resolved };
122212
+ }
122213
+ return { catalogPath: resolved, root: dirname5(resolved) };
122214
+ }
122215
+ function resolvePayloadPath(root, payloadPath) {
122216
+ if (isAbsolute2(payloadPath)) {
122217
+ throw new Error("Prompt injection payloadPath must be relative.");
122218
+ }
122219
+ const resolved = resolve2(root, payloadPath);
122220
+ const relativePath = relative(root, resolved);
122221
+ if (relativePath === ".." || relativePath.startsWith(`..${sep}`)) {
122222
+ throw new Error("Prompt injection payloadPath must stay within the library.");
122223
+ }
122224
+ return resolved;
122225
+ }
122226
+ function parsePromptInjectionLibrary(raw, root) {
122227
+ const parsed = PromptInjectionLibraryFileSchema.parse(JSON.parse(raw));
122228
+ const catalogEntries = Array.isArray(parsed) ? parsed : ("payloads" in parsed) ? parsed.payloads : parsed.injections;
122229
+ const entries = catalogEntries.map((entry) => {
122230
+ const payloadFile = resolvePayloadPath(root, entry.payloadPath);
122231
+ const payload = readFileSync3(payloadFile, "utf-8");
122232
+ const { payloadPath: _payloadPath, name, category, ...safeEntry } = entry;
122233
+ return {
122234
+ ...safeEntry,
122235
+ name: name ?? entry.id,
122236
+ category: category ?? "uncategorized",
122237
+ payload,
122238
+ payloadFilePath: payloadFile
122239
+ };
122240
+ });
122241
+ return new StaticPromptInjectionLibrary(entries);
122242
+ }
122243
+ async function readSource(source) {
122244
+ if (source.startsWith("https://") || source.startsWith("http://")) {
122245
+ throw new Error("Prompt injection library source must be a local path, not a URL.");
122246
+ }
122247
+ const { catalogPath, root } = resolveCatalogPath(source);
122248
+ return parsePromptInjectionLibrary(readFileSync3(catalogPath, "utf-8"), root);
122249
+ }
122250
+ async function loadPromptInjectionLibrary(source) {
122251
+ let cached2 = SOURCE_CACHE.get(source);
122252
+ if (!cached2) {
122253
+ cached2 = readSource(source).catch((err) => {
122254
+ SOURCE_CACHE.delete(source);
122255
+ throw err;
122256
+ });
122257
+ SOURCE_CACHE.set(source, cached2);
122258
+ }
122259
+ return cached2;
122260
+ }
122261
+ async function getPromptInjectionLibrary(opts) {
122262
+ if (opts?.library)
122263
+ return opts.library;
122264
+ const source = resolvePromptInjectionLibrarySource(opts?.source);
122265
+ if (!source)
122266
+ return EMPTY_PROMPT_INJECTION_LIBRARY;
122267
+ return loadPromptInjectionLibrary(source);
122268
+ }
122269
+ function resolvePromptInjectionRefs(value, library) {
122270
+ if (isPromptInjectionRef(value)) {
122271
+ const payload = library.getPayload(value.id);
122272
+ if (!payload)
122273
+ throw new Error(`Unknown prompt injection id: ${value.id}`);
122274
+ return payload;
122275
+ }
122276
+ if (Array.isArray(value)) {
122277
+ return value.map((item) => resolvePromptInjectionRefs(item, library));
122278
+ }
122279
+ if (typeof value === "object" && value !== null) {
122280
+ const resolved = {};
122281
+ for (const [key, nested] of Object.entries(value)) {
122282
+ resolved[key] = resolvePromptInjectionRefs(nested, library);
122283
+ }
122284
+ return resolved;
122285
+ }
122286
+ return value;
122287
+ }
122288
+ function redactPromptInjectionPayloads(value, library) {
122289
+ let redacted = value;
122290
+ for (const entry of library.listCatalog()) {
122291
+ const payload = library.getPayload(entry.id);
122292
+ if (!payload)
122293
+ continue;
122294
+ redacted = redacted.split(payload).join(`[PROMPT_INJECTION:${entry.id}]`);
122295
+ }
122296
+ return redacted;
122297
+ }
122298
+
122299
+ // src/core/agents/offSecAgent/tools/executeCommand.ts
122346
122300
  var MAX_INLINE = 50000;
122347
122301
  var MS_TIMEOUT_THRESHOLD = 1e4;
122348
122302
  var DEFAULT_PROMPT_INJECTION_FILE_ENV = "APEX_PROMPT_INJECTION_FILE";
@@ -124412,7 +124366,7 @@ should be passed directly to spawn_pentest_swarm for deep testing.`,
124412
124366
  });
124413
124367
  if (cwd) {
124414
124368
  try {
124415
- const { WhiteboxAttackSurfaceAgent } = await import("./index-xf9cpaaf.js");
124369
+ const { WhiteboxAttackSurfaceAgent } = await import("./index-5h1hjhzw.js");
124416
124370
  const localBus = new AgentEventBus;
124417
124371
  AgentEventBus.attachChild(localBus, ctx.eventBus, subagentId);
124418
124372
  const agent = new WhiteboxAttackSurfaceAgent({
@@ -124462,7 +124416,7 @@ should be passed directly to spawn_pentest_swarm for deep testing.`,
124462
124416
  }
124463
124417
  }
124464
124418
  try {
124465
- const { BlackboxAttackSurfaceAgent } = await import("./blackboxAgent-458t65hq.js");
124419
+ const { BlackboxAttackSurfaceAgent } = await import("./blackboxAgent-vwm9t3h4.js");
124466
124420
  const localBus = new AgentEventBus;
124467
124421
  AgentEventBus.attachChild(localBus, ctx.eventBus, subagentId);
124468
124422
  const agent = new BlackboxAttackSurfaceAgent({
@@ -124540,7 +124494,7 @@ Omit \`cwd\` for blackbox mode (live target probing only).`,
124540
124494
  toolCallDescription: exports_external.string().describe("A concise, human-readable description of what this tool call is doing")
124541
124495
  }),
124542
124496
  execute: async ({ target, cwd }) => {
124543
- const { runPentestWorkflow: workflow } = await import("./pentest-pc1098c0.js");
124497
+ const { runPentestWorkflow: workflow } = await import("./pentest-1e30q7rs.js");
124544
124498
  if (!ctx.model) {
124545
124499
  return {
124546
124500
  success: false,
@@ -126116,7 +126070,7 @@ Returns an array of results with the text output from each agent.`,
126116
126070
  });
126117
126071
  }
126118
126072
  async function runSingleCodingAgent(ctx, codebasePath, objective, agentIndex, name) {
126119
- const { CodeAgent } = await import("./agent-s4vkqxtr.js");
126073
+ const { CodeAgent } = await import("./agent-8w9h3tnw.js");
126120
126074
  const subagentId = `coding-agent-${agentIndex}`;
126121
126075
  ctx.eventBus?.emit("subagent-spawn", {
126122
126076
  subagentId,
@@ -126622,7 +126576,7 @@ Returns the worker's summary, objective results, and finding count — but NOT t
126622
126576
  message: "spawn_pentest_agent requires a model in the tool context."
126623
126577
  };
126624
126578
  }
126625
- const { TargetedPentestAgent } = await import("./agent-3n3mpmyd.js");
126579
+ const { TargetedPentestAgent } = await import("./agent-vdrtakz4.js");
126626
126580
  const findingsRegistry = ctx.findingsRegistry ?? FindingsRegistry.fromDirectory(ctx.session.findingsPath, {
126627
126581
  model: ctx.model,
126628
126582
  authConfig: ctx.authConfig,
@@ -126779,7 +126733,7 @@ Pass every target you want tested — the swarm handles concurrency automaticall
126779
126733
  toolCallDescription: exports_external.string().describe("A concise, human-readable description of what this tool call is doing")
126780
126734
  }),
126781
126735
  execute: async ({ targets }) => {
126782
- const { runPentestSwarm, DEFAULT_CONCURRENCY: DEFAULT_CONCURRENCY2 } = await import("./pentest-pc1098c0.js");
126736
+ const { runPentestSwarm, DEFAULT_CONCURRENCY: DEFAULT_CONCURRENCY2 } = await import("./pentest-1e30q7rs.js");
126783
126737
  if (!ctx.model) {
126784
126738
  return {
126785
126739
  success: false,